You can enforce password strength-checking policy by installing
libpam-cracklib module.
apt-get install libpam-cracklib
Edit
/etc/pam.d/common-password as the following:
# The line below must be commented out
# password required pam_unix.so nullok obscure md5
password required pam_cracklib.so retry=3 minlen=8 difok=4
password required pam_unix.so use_authtok nullok md5
The cracklib PAM module provides password strength-checking, prompts for a new password with a minimum length of 8 characters, a difference of at least 4 characters from the old password, and allows 3 retries.
No comments :
Post a Comment