API tools faq
paste
rodrigosantosbr

linux password complexity

rodrigosantosbr
Jul 16th, 2019
76
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Markdown 2.13 KB | None | 0 0
raw download clone embed print report

Install the password quality checking library with this command:

apt-get -y install libpam-pwquality

The files that contain most of the settings we're going to edit will be:

  • /etc/pam.d/common-password on Debian-base systems
  • /etc/pam.d/system-auth on RedHat

Complexity settings

You can require:

  • uppercase characters
  • lowercase characters
  • digits
  • other characters (e.g., punctuation marks)
  • a mix of the above
  • a restriction on the number of characters in any particular class (uppercase, lowercase, etc.)
  • a restriction on how many times the same character can be used
  • the number of characters that have to be different from those used in the previous password
  • restrictions on password re-use

The settings include:

  • minlen = minimum password length
  • minclass = the minimum number of character types that must be used (i.e., uppercase, lowercase, digits, other). If set to 2, minclass would require you to use characters from two classes (like uppercase and lowercase / lowercase and digits, etc).
  • maxrepeat = the maximum number of times a single character may be repeated
  • maxclassrepeat = the maximum number of characters in a row that can be in the same class
  • lcredit = maximum number of lowercase characters that will generate a credit
  • ucredit = maximum number of uppercase characters that will generate a credit. To set at least one upper-case letters in the password, add a word 'ucredit=-1'
  • dcredit = maximum number of digits that will generate a credit
  • ocredit = maximum number of special characters that will generate a credit.
  • difok = the minimum number of characters that must be different from the old password
  • remember = the number of passwords that will be remembered by the system so that they cannot be used again
  • Implementing these settings in your common-password file might look like this:
password   requisite        pam_pwquality.so retry=3 minlen=12 minclass=3 maxrepeat=2 maxclassrepeat=4 lcredit=-1 ucredit=-1 ocredit=1 dcredit=1 difok=3
password      [success=1 default=ignore]      pam_unix.so obscure use_authtok try_first_pass sha512 remember=10
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!