https://community.hpe.com/t5/operating-system-linux/password-complexity-question/m-p/3604003#M19138 Jeff,<BR /><BR />Read the Linux-PAM System Administrators' Guide by Andrew G. Morgan at:<BR /><BR /><A href="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html" target="_blank">http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html</A><BR /><BR />-Ross Mon, 15 Aug 2005 12:20:40 GMT Ross Minkov 2005-08-15T12:20:40Z https://community.hpe.com/t5/operating-system-linux/password-complexity-question/m-p/3604001#M19136 Hi,<BR />We are changing lots of passwords to comply with password complexity requirements. However, I know there are certain characters which are not acceptable for O/S users. In fact, in the passwd man page there is the following statement:<BR />Care must be taken not to include the system default erase or kill characters. passwd will reject any password which is not suitably complex.<BR /><BR />Can anyone tell me:<BR />a) what those characters are<BR />b) evidence to support this <BR /><BR />Thanks<BR />Jeff<BR /> Mon, 15 Aug 2005 10:34:58 GMT https://community.hpe.com/t5/operating-system-linux/password-complexity-question/m-p/3604001#M19136 Jeff Ohlhausen 2005-08-15T10:34:58Z https://community.hpe.com/t5/operating-system-linux/password-complexity-question/m-p/3604002#M19137 A couple of these special characters are * and !.<BR /><BR />Linux uses the /etc/shadow file to store the passwds. An example of the * character is that it is used to denote a disabled/locked acct.<BR /><BR />An example of the ! character is if you use the commands 'passwd -l' or 'usermod -L'. This will place the ! character in front of the encrypted passwd effectively locking/disabling the acct.<BR /><BR />There is also the configuration of the pam module that will allow/disallow certain characters. You can define this to be loose or tight, however you want.<BR /><BR />With the pam_cracklib module you can enforce various restrictions. Mon, 15 Aug 2005 11:11:09 GMT https://community.hpe.com/t5/operating-system-linux/password-complexity-question/m-p/3604002#M19137 Rick Garland 2005-08-15T11:11:09Z https://community.hpe.com/t5/operating-system-linux/password-complexity-question/m-p/3604003#M19138 Jeff,<BR /><BR />Read the Linux-PAM System Administrators' Guide by Andrew G. Morgan at:<BR /><BR /><A href="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html" target="_blank">http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html</A><BR /><BR />-Ross Mon, 15 Aug 2005 12:20:40 GMT https://community.hpe.com/t5/operating-system-linux/password-complexity-question/m-p/3604003#M19138 Ross Minkov 2005-08-15T12:20:40Z https://community.hpe.com/t5/operating-system-linux/password-complexity-question/m-p/3604004#M19139 Everyone,<BR />Thank you for your help so far but we still haven't really answered the original question. <BR />1. Where can I get a list of 'bad' characters<BR />Thanks<BR />Jeff Mon, 15 Aug 2005 12:26:30 GMT https://community.hpe.com/t5/operating-system-linux/password-complexity-question/m-p/3604004#M19139 Jeff Ohlhausen 2005-08-15T12:26:30Z https://community.hpe.com/t5/operating-system-linux/password-complexity-question/m-p/3604005#M19140 Hi Jeff,<BR /><BR />he other 2 cases of special case characters are "@" and "#". But the problem is only occurs when you use a telnet session. In an SSH session none of these characters causes problems. In telnet session you can use "\" just before '@" ot "#". Normally in other unixes I havent faced problems with "!" character. "!" is found to be taken as a normal charactersbut not the other two.For example assume your password is P@ssw0rd!23.<BR />Here you can disable the special case of "@" bye using "P\@ssw0rd!23".<BR /><BR />I have a tried this in HP-UX.<BR /><BR /><BR />Regards,<BR />Syam Mon, 15 Aug 2005 12:30:19 GMT https://community.hpe.com/t5/operating-system-linux/password-complexity-question/m-p/3604005#M19140 Ranjith_5 2005-08-15T12:30:19Z