?
Solved

Password too short error.

Posted on 2002-07-11
15
Medium Priority
?
516 Views
Last Modified: 2013-12-16
Hi expert,

I have RedHat Linux 7.2 installed.  When I create a new user and password.  I got “password too short” error message when I put 4 characters in the password field. I have to put 6 or more characters.  Have any ideas how to fix it?  Thanks in advance! –Dennis
0
Comment
Question by:wengcheok
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
15 Comments
 
LVL 4

Expert Comment

by:Robson
ID: 7148492
Change password for user from root account ('passwd user' when logged root).
0
 
LVL 1

Expert Comment

by:petereilering
ID: 7148715
/etc/login.defs

PASS_MIN_LEN 5 (this is default)
change it to your needs :-)
0
 

Author Comment

by:wengcheok
ID: 7149642
petereilering,

Thank you for your help.  That was it.  I am wondering if I want to write a shell script to add 50 users in once.  What steps should I need to do or have any ideas how to do it?  Just a thought!
useradd –u uid -g gid -d /home -s /bin/tcsh -m -r user1

Thank you in advance! –Dennis
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:wengcheok
ID: 7150175
It was too early to say.  I am still getting the 'PASSWORD TOO short' error message.  I already tried change PASS_MIN_LEN 0 instead of 5.  What other directories or files I need to do the changes?  Any suggestions?  Thanks in advance!
0
 

Expert Comment

by:Vinni-Pux
ID: 7152824
Information from "man passwd" :-)
"Remember the following two principles:
Protect  your password.
Don't write down your password - memorize it.
In particular, don't write it down and leave it anywhere, and don't
place it in an unencrypted file!  Use unrelated passwords for
systems controlled by different organizations.  Don't give or share your
password, in particular to someone claiming to be from
computer support or a vendor.  Don't let anyone watch you enter your password.  Don't enter your password to a computer you don't trust or if things "look funny"; someone may be trying to hijack your password. Use the password for a limited time and change it periodically. Choose a hard-to-guess password.
Passwd will try to prevent you from choosing a really bad password, but it isn't foolproof; create your password wisely.
Don't use something you'd find in a dictionary (in any language or jargon). Don't use a name (including that of a spouse, parent, child, pet, fantasy character, famous person, and location) or any
variation of your personal or account name.  Don't use accessible information about you (such as your phone number, license plate, or social security number) or your environment.  Don't use a birthday or a simple pattern (such as "qwerty", "abc", or "aaa").  Don't use any of those backwards, followed by a digit, or preceded by a digit. Instead, use a mixture of upper and lower case letters, as well as digits or punctuation.  When choosing a new password, make sure it's unrelated to any previous password. Use long passwords (say 8 characters long).  You might use a word pair with punctuation inserted, a passphrase (an understandable sequence of words), or the first
letter of each word in a passphrase.
     These principles are partially enforced by the system, but only partly so. Vigilence on your part will make the system much more secure."
  If these rules of construction are not clear or do not approach then сhange password for user from root account ('passwd username' when logged root), To enter the simple password and not paying attention to warnings of the system repeat this once again.
0
 
LVL 20

Expert Comment

by:Gns
ID: 7196121
Um, /etc/login.defs is from the shadow-utils package.... the message about BAD passwd is from pam_cracklib (since RH7.2 uses pluggable authentication modules), so it (login.defs) isn't relevant to this question.

Look at the possible parameters to pam_cracklib (set in /etc/pam.d/passwd (or if pam_stack is used as it is in RH7.1, /etc/pam.d/system-auth)) and the effect of different values in the /usr/share/doc/pam-*/txts/README.pam_cracklib file, and in section 6.3 of the /usr/share/doc/pam-*/txts/pam.txt file.
As you'll see there are several options pertaining to this question.

Specifically look at section 6.3.3, * minlen=N ...
There it is stated that there is a hardcoded limit ("way to short") set to 4, and a defined limit set to 6. This means that even if you do as they suggest, and recompile cracklib and pam_cracklib, your shortest possible password would still be 5 characters.

So it looks like you'll have to live with it.

-- Glenn
0
 
LVL 20

Expert Comment

by:Gns
ID: 7196144
Or stop using pam ... at least for checking passwords.

I wouldn't recommend that though. Insecure and messy.

-- Glenn
0
 
LVL 20

Expert Comment

by:Gns
ID: 8647880
What did you end up doing Dennis (he asked, 10 months later:)?

-- Glenn (Who is going through the "real-old-unlocked-questions" he has commented in)
0
 

Author Comment

by:wengcheok
ID: 8649974
The problem was on creating user password in GNOME interface.  It still requires 6 or more characters long password.  But, here is my solution.  I was able to reset the user password on command-line prompt using 2 or more characters.
0
 
LVL 20

Expert Comment

by:Gns
ID: 8655128
That it was a GUI app missbehaving is new information, that you should have shared earlier. From reading your comments, this is not evident, and furthermore... well, it doesn't look like that, from the comments.
No matter.
If none of the suggestions/information helped you on your way, I'd suggest you have Community Support PAQ this, and refund your points.

-- Glenn
0
 

Expert Comment

by:CleanupPing
ID: 9076986
wengcheok:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 1

Expert Comment

by:drewber
ID: 9220367
This question has been classified abandoned. I will make a recommendation to the moderators on its resolution in a week or two. I appreciate any comments that would help me to make a recommendation.
 

Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.

 
If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp
 
drewber
0
 
LVL 20

Expert Comment

by:Gns
ID: 9222054
As per my earlier recommendation, if none of the comments were of any help... :-).

-- Glenn
0
 
LVL 12

Expert Comment

by:paullamhkg
ID: 10380093
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

PAQ - no points refunded

Please leave any comments here within the next four days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

paullamhkg
EE Cleanup Volunteer
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 10420910
PAQed - no points refunded (of 25)

Computer101
E-E Admin
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Fine Tune your automatic Updates for Ubuntu / Debian
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses
Course of the Month11 days, 9 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question