Setting Password Policy With PAM

HomeNetworks
Juliet Kemp
By Juliet Kemp

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Last week I talked about testing the strength of users’ passwords. Another
way to ensure security is to set a good password policy.

The PAM module pam_cracklib can enforce both length and
complexity. For length, it uses the minlen option. For complexity, it
has options dcredit, ucredit, lcredit, and

ocredit, which refer to digit, upper-case character, lower-case
character, and other character, respectively. A value of -1 for one of these
means “require one character of this type,” and a value of 1 means “give 1
credit for this type.” The credit system involves giving “length credits” for
using non-lowercase characters (so you can have a shorter password than the
minimum length if it uses non-lowercase characters), but this can be confusing
for users, so it may be best to just require certain types of character.

Try the following line in /etc/pam.d/common-password in Debian-type distros or
/etc/pam.d/system-auth in RedHat-type distros:

password requisite pam_cracklib.so retry=3 minlen=10 
   difok=3 dcredit=-1 ucredit=-1 lcredit=-1

This will set a maximum of three attempts at getting an acceptable password (users
can always rerun passwd to try again); a 10-character minimum length;
a minimum of three characters different from the last password; and a requirement
that the password contain at least one each of digit, lower-case character,
and upper-case character.

Finally, to make all your users change their passwords regularly, edit the
/etc/login.defs file to set the PASS_MAX_DAYS variable to
the maximum time allowed before changing a password. This affects only new
accounts; use the command chage to affect existing users.

This article was first published on ServerWatch.com.

Previous article
Linux Promotion in Mall Kiosks
Next article
Interop: What Are Your Datacenter Metrics?

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles

Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation’s focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.

Advertisers

Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2023 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.