Implement password character or length constraints

Home > CentOS > CentOS 6.x > Miscellaneous OS configuration > Implement password character or length constraints

We can implement minimum password length, password should have at least one small letter, etc. constraints by editing /etc/pam.d/system-auth file. In this file edit following line:

password requisite pam_cracklib.so retry=3 minlen=9 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1

where:

• lcredit is for lower case letters
• ucredit is for upper case letters
• dcredit is for digits
• ocredit is for other characters, ie, 'o' in ocredit is stands for other

Configuration is done as follows:

• To set some minimum length for each type use values -1, -2 etc.
• All the characters have one credit by default. If we want to increases credit of characters then we can set some positive value for above parameters. For example if we use 'minlen=6 lcredit=1 ucredit=2' then we would need six characters password consisting of only digits OR we would need three letter password consisting of only small letters OR we would need two letter password consisting of only capital letters to make total 6 credits. Note that 1 credit is there for each character by default, and additional credits can be defined by giving positive values to parameters like lcredit, ucredit, etc.

Home > CentOS > CentOS 6.x > Miscellaneous OS configuration > Implement password character or length constraints