About change user password

Frequent Advisor

About change user password

I use the Linux default setting in my RH 8 system , I force the user to change the password by the command ( chage -d0 user ) , but there are some restrictions of the new user password ( eg. not a dictionary word , can't too simple , can't same as the previous password ) , can suggest how can I change these restrictions so that user can change any password that they want ? thx in advance.
Alexander Chuzhoy
Honored Contributor

Re: About change user password

for start see the file /etc/login.defs
Steven E. Protter
Exalted Contributor

Re: About change user password


I advise against changing these setting too much. They provide security.

The cracklibrary is used to stop dictionay words. Because the crack utility uses the very same library to guess passwords.

The root user can set passwords that violate restrictions anyway.

Steven E Protter
Owner of ISN Corporation
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Vitaly Karasik_1
Honored Contributor

Re: About change user password

agree with Steven, but if you want to work without cracklib - delete pam_cracklib line from /etc/pam.d/system-auth

Frequent Advisor

Re: About change user password

Hi all

I tried to disable the line "password required /lib/security/pam_cracklib.so retry=3 type= " in the file /etc/pam.d/system-auth , but it is not work , when I login , it pop the below message

password unchanged
password unchanged
password unchanged

The below is the content of the file "/etc/pam.d/system-auth" , please suggest how to modify it ? thx

# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so

account required /lib/security/pam_unix.so

#password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shado
password required /lib/security/pam_deny.so

session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so