pam_passwdqc

=Password quality-control PAM module= Main Menu

pam_passwdqc
The **pam_passwdqc** module is a simple password strength checking module for PAM. In addition to checking regular passwords, it offers support for passphrases and can provide randomly generated ones.

Original system-auth file:



 * I issued the **passwd** command to change my password. There are few restrictions on the password and I was able to change my password to a recently used password. I was not instructed to enter special characters, numbers or upper case letters.



Updated Configuration

 * To enhance the security of the system I will implement the pam_passwdqc module to check the strength of the password.
 * The first step is to verify that the passwdqc.so file exists in the /lib/security directory
 * The next step is to modify the /etc/pam.d/system-auth file.

Modified system-auth file:



 * Added: **password required pam_passwdqc.so max=10**
 * This will enable the password quality-control module and set the maximum password length to 10 characters.


 * I issued the **passwd** command again and this time the prompt gives a description of a valid quality password.




 * If a password that is more than 10 characters is entered the user will get the following message: //This password may be too long for some services. Choose another.//



@http://penguinsecurity.net/wiki/index.php?title=Enforce_strong_passwords_with_pam_passwdqc
 * Resources**