Ubuntu: How do you set requirements (such as minimum length) on passwords?



Question:

Is there any way to set up minimum passcode requirements, such as a minimum length, requirement of mixed case alphanumerics and at least 1 symbol in the passcode, and enforce that at passcode changes?


Solution:1

Password complexity in Ubuntu is controlled by PAM. Unfortunately, PAM is "typically Unix" like in its approach. Meaning that it spreads its configuration through a large number of very confusing files.

The file that controls password complexity is:

/etc/pam.d/common-password  

There is a line:

password [success=1 default=ignore] pam_unix.so obscure sha512  

Which defines the basic rules for password complexity. You can add a minimum length override by changing it to:

password [success=1 default=ignore] pam_unix.so obscure sha512 minlen=12  

or whatever minimum you want. As you can see, the default already defines some basic obscurity rules. These basic rules can be seen in:

man pam_unix  

Search for "obscure".

There are a large number of pam modules that can be installed.

apt-cache search libpam-  

Should show you them.

You will need to hunt down the documenation for them I'm afraid. But the "cracklib" is a common addition.

UPDATE: I should have pointed out that the default "obscure" parameter includes tests for complexity based on previous passwords and simplicity (length, number of different types of character). The example in the manpage shows cracklib in action. Install libpam_cracklib to get that working.

Also, once you have worked out what to change, the changes are the same in other files so that you can enforce the same (or different) password checks for SSH and other applications.


Solution:2

Password values are controlled in the file

/etc/pam.d/common-password  

For more information on how to modify the file see pam_unix manpage


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »