Monday, April 26, 2010

Enforce password strength-checking policy with pam_cracklib

You can enforce a password strength-checking policy by installing the libpam-cracklib module.
apt-get install libpam-cracklib
Edit /etc/pam.d/common-password as follows:
# The line below must be commented out
# password required pam_unix.so nullok obscure md5

password required pam_cracklib.so retry=3 minlen=8 difok=4
password required pam_unix.so use_authtok nullok md5
The cracklib PAM module provides password strength-checking, prompts for a new password with a minimum length of 8 characters, a difference of at least 4 characters from the old password, and allows 3 retries.
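
To confirm that an edited file really enforces this policy, the following added example (not part of the original post) audits a PAM password stack: pam_cracklib.so must be active with minlen and difok at or above the values used here, and pam_unix.so must come after it with use_authtok. The function name check_pam_password_policy is hypothetical, and the handling of bracketed control fields goes beyond the two-line stack shown above.

```sh
# check_pam_password_policy FILE [MINLEN] [DIFOK]: 0 if compliant, 1 otherwise (reasons on stdout).
check_pam_password_policy() {
    [ -r "$1" ] || { echo "$1: not readable"; return 1; }
    awk -v minlen="${2:-8}" -v difok="${3:-4}" '
    function fail(msg) { print FILENAME ": " msg; bad = 1 }
    # Numeric value of option name=N after the module field, or -1 if absent.
    function opt(name,   i, kv) {
        for (i = mod + 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == name) return kv[2] + 0
        }
        return -1
    }
    function flag(word,   i) {
        for (i = mod + 1; i <= NF; i++) if ($i == word) return 1
        return 0
    }
    /^[ \t]*#/ || $1 != "password" { next }   # skip comments and other stacks
    {
        # Control may be bracketed with spaces: find the module by file name.
        mod = 0
        for (i = 2; i <= NF; i++)
            if ($i ~ /pam_[a-z0-9_]+\.so$/) { mod = i; name = $i; sub(/.*\//, "", name); break }
        if (!mod) next
    }
    name == "pam_cracklib.so" {
        crack = 1
        if (opt("minlen") < minlen) fail("pam_cracklib minlen is below " minlen)
        if (opt("difok") < difok)   fail("pam_cracklib difok is below " difok)
    }
    name == "pam_unix.so" {
        unix = 1
        if (!crack)               fail("pam_unix.so runs before pam_cracklib.so")
        if (!flag("use_authtok")) fail("pam_unix.so lacks use_authtok")
    }
    END {
        if (!crack) fail("no active pam_cracklib.so line")
        if (!unix)  fail("no active pam_unix.so line")
        exit bad + 0
    }' "$1"
}
# Constructed sample: the stack from this post, checked from a temporary file.
sample=$(mktemp)
printf '%s\n' '# password required pam_unix.so nullok obscure md5' \
    'password required pam_cracklib.so retry=3 minlen=8 difok=4' \
    'password required pam_unix.so use_authtok nullok md5' > "$sample"
check_pam_password_policy "$sample" && echo "policy OK"
rm -f "$sample"
```

On a live system, run it as check_pam_password_policy /etc/pam.d/common-password after editing the file.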
