https://community.hpe.com/t5/operating-system-linux/how-to-define-password-policy-on-linux/m-p/3542523#M17529 The default password policy for Linux requires passwords a minimum of six characters.<BR /><BR />2 Expiration can be scripted with the passwd command.<BR /><BR /><BR />passwd -x maxdays<BR /><BR />3 Password re-use is not permitted although I don't know what the default depth is.<BR /><BR />4 Account is not locked after 3 fails. This can be done by script:<BR />strings /var/log/btmp | grep username | wc -l<BR /><BR />If the username shows up three times issue a passwd -l <USERNAME> and its locked.<BR /><BR />5 Not sure this can be done. It can with hpux.<BR /><BR />7 (6?) the crack library prevents this for regular users<BR /><BR />Its almost all built in, though it requires some scripting.<BR /><BR /><A href="http://www.tldp.org" target="_blank">http://www.tldp.org</A> has some docs that can help you do this in a more integrated way.<BR /><BR />SEP</USERNAME> Wed, 11 May 2005 14:34:23 GMT Steven E. Protter 2005-05-11T14:34:23Z https://community.hpe.com/t5/operating-system-linux/how-to-define-password-policy-on-linux/m-p/3542522#M17528 How to define the following password policy on Linux:<BR /><BR />1. Length must be at least 6 characters<BR />2. expire after 90 days<BR />3. Cannot reuse previous password<BR />4. Account is locked after 3 failed attempts. Unlocked after 15 minutes.<BR />5. User is required to change password after first login (after servicedesk creates the account).<BR />7. Password can not be the same as the username.<BR /><BR />Thanks! Wed, 11 May 2005 12:26:30 GMT https://community.hpe.com/t5/operating-system-linux/how-to-define-password-policy-on-linux/m-p/3542522#M17528 yyghp 2005-05-11T12:26:30Z https://community.hpe.com/t5/operating-system-linux/how-to-define-password-policy-on-linux/m-p/3542523#M17529 The default password policy for Linux requires passwords a minimum of six characters.<BR /><BR />2 Expiration can be scripted with the passwd command.<BR /><BR /><BR />passwd -x maxdays<BR /><BR />3 Password re-use is not permitted although I don't know what the default depth is.<BR /><BR />4 Account is not locked after 3 fails. This can be done by script:<BR />strings /var/log/btmp | grep username | wc -l<BR /><BR />If the username shows up three times issue a passwd -l <USERNAME> and its locked.<BR /><BR />5 Not sure this can be done. It can with hpux.<BR /><BR />7 (6?) the crack library prevents this for regular users<BR /><BR />Its almost all built in, though it requires some scripting.<BR /><BR /><A href="http://www.tldp.org" target="_blank">http://www.tldp.org</A> has some docs that can help you do this in a more integrated way.<BR /><BR />SEP</USERNAME> Wed, 11 May 2005 14:34:23 GMT https://community.hpe.com/t5/operating-system-linux/how-to-define-password-policy-on-linux/m-p/3542523#M17529 Steven E. Protter 2005-05-11T14:34:23Z https://community.hpe.com/t5/operating-system-linux/how-to-define-password-policy-on-linux/m-p/3542524#M17530 SEP covered most of the points already.<BR /><BR />I'll add this:<BR /><BR />5. Create the user with an expired password already. First login will ask for a new password.<BR /><BR />Most of the other bits and pieces is PAM territory. The password restrictions are all 'pam_cracklib' stuff (you should have '/usr/share/doc/pam-0.*/txts/README.pam_cracklib' on your system which documents it), and it's reasonably powerful.<BR /><BR />One thing I have noticed though is that Linux can sometimes let a user through the password change routine upon login, but the expiration values are updated. I've only seen this in an NIS situation however. Wed, 11 May 2005 19:31:34 GMT https://community.hpe.com/t5/operating-system-linux/how-to-define-password-policy-on-linux/m-p/3542524#M17530 Stuart Browne 2005-05-11T19:31:34Z https://community.hpe.com/t5/operating-system-linux/how-to-define-password-policy-on-linux/m-p/3542525#M17531 <BR />the requirement of length, reusing of previous password, password not of same as username can be set through PAM configuration. read the pam module document to findout how to do this.<BR /><BR />expire can be set through passwd -x<BR /><BR />if you are using latest SUSE distribution there is option to force the user to change password after first login. option is passwd -e<BR /><BR />Regards,<BR />Gopi Thu, 12 May 2005 01:23:48 GMT https://community.hpe.com/t5/operating-system-linux/how-to-define-password-policy-on-linux/m-p/3542525#M17531 Gopi Sekar 2005-05-12T01:23:48Z