The pam_pwquality (previously pam_cracklib) module is used to check password complexity against a set of rules. It checks if the password is found in a dictionary; if not, it will continue with additional checks.
The config file is
/etc/security/pwquality.conf but, if in use, it can be configured in
To add the password policies, just add the options you need in
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= minlen=16 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
minlen– minimum password lenght
lcredit– minimum number of lowercase letters
ucredit– minimun numer of uppercase letters
dcredit– minium number of digits
ocredit– minimum number of special characters
In this case,
-1 means that the password must have at least one character of that type. You can change this number as you prefer.
If you need to enforce the policies even for the root user, use the
You can also add policies using the
authconfig --enablereqlower --enablerequpper --enablereqdigit --enablereqother --passminlen=8 --update