2

I am trying to change the password security check.

I would like to set rules for the password when adding a new user.

Here is the content of my /etc/pam.d/common-password file:

password    requisite   pam_cracklib.so retry=3 minlen=15 difok=3
password    [success=1 default=ignore]  pam_unix.so obscure use_authtok try_first_pass sha512
password    requisite           pam_deny.so
password    required            pam_permit.so
password    optional    pam_gnome_keyring.so

But when adding a new user, the system is still accepting for example short passwords! It just says by the 1st try typing the password, that the pass is too short, but when i re-type it, it accepts it!

How can I prevent it? And how can I set the following rules aswell:

  • Minimum length: 15 characters
  • upper- and lower case
  • 1 number must be included
  • 1 symbol must be included
ZelelB
  • 205

1 Answers1

1

Please note, you can set any password using root account, there rules accepted for users that trying to change it's own password.

To set password expiration and other parameters for all new users you should check /etc/login.defs file.

Actually your rules looks like correct, I think you just try to set password using root, but superuser (root) should have full access to system and it's not rational to prevent that user to do something.

user3417815
  • 737
  • 6
  • 15