wengcheok
asked on
Password too short error.
Hi expert,
I have RedHat Linux 7.2 installed. When I create a new user and password. I got “password too short” error message when I put 4 characters in the password field. I have to put 6 or more characters. Have any ideas how to fix it? Thanks in advance! –Dennis
I have RedHat Linux 7.2 installed. When I create a new user and password. I got “password too short” error message when I put 4 characters in the password field. I have to put 6 or more characters. Have any ideas how to fix it? Thanks in advance! –Dennis
Robson
Change password for user from root account ('passwd user' when logged root).
/etc/login.defs
PASS_MIN_LEN 5 (this is default)
change it to your needs :-)
PASS_MIN_LEN 5 (this is default)
change it to your needs :-)
ASKER
petereilering,
Thank you for your help. That was it. I am wondering if I want to write a shell script to add 50 users in once. What steps should I need to do or have any ideas how to do it? Just a thought!
useradd –u uid -g gid -d /home -s /bin/tcsh -m -r user1
Thank you in advance! –Dennis
Thank you for your help. That was it. I am wondering if I want to write a shell script to add 50 users in once. What steps should I need to do or have any ideas how to do it? Just a thought!
useradd –u uid -g gid -d /home -s /bin/tcsh -m -r user1
Thank you in advance! –Dennis
ASKER
It was too early to say. I am still getting the 'PASSWORD TOO short' error message. I already tried change PASS_MIN_LEN 0 instead of 5. What other directories or files I need to do the changes? Any suggestions? Thanks in advance!
Information from "man passwd" :-)
"Remember the following two principles:
Protect your password.
Don't write down your password - memorize it.
In particular, don't write it down and leave it anywhere, and don't
place it in an unencrypted file! Use unrelated passwords for
systems controlled by different organizations. Don't give or share your
password, in particular to someone claiming to be from
computer support or a vendor. Don't let anyone watch you enter your password. Don't enter your password to a computer you don't trust or if things "look funny"; someone may be trying to hijack your password. Use the password for a limited time and change it periodically. Choose a hard-to-guess password.
Passwd will try to prevent you from choosing a really bad password, but it isn't foolproof; create your password wisely.
Don't use something you'd find in a dictionary (in any language or jargon). Don't use a name (including that of a spouse, parent, child, pet, fantasy character, famous person, and location) or any
variation of your personal or account name. Don't use accessible information about you (such as your phone number, license plate, or social security number) or your environment. Don't use a birthday or a simple pattern (such as "qwerty", "abc", or "aaa"). Don't use any of those backwards, followed by a digit, or preceded by a digit. Instead, use a mixture of upper and lower case letters, as well as digits or punctuation. When choosing a new password, make sure it's unrelated to any previous password. Use long passwords (say 8 characters long). You might use a word pair with punctuation inserted, a passphrase (an understandable sequence of words), or the first
letter of each word in a passphrase.
These principles are partially enforced by the system, but only partly so. Vigilence on your part will make the system much more secure."
If these rules of construction are not clear or do not approach then сhange password for user from root account ('passwd username' when logged root), To enter the simple password and not paying attention to warnings of the system repeat this once again.
"Remember the following two principles:
Protect your password.
Don't write down your password - memorize it.
In particular, don't write it down and leave it anywhere, and don't
place it in an unencrypted file! Use unrelated passwords for
systems controlled by different organizations. Don't give or share your
password, in particular to someone claiming to be from
computer support or a vendor. Don't let anyone watch you enter your password. Don't enter your password to a computer you don't trust or if things "look funny"; someone may be trying to hijack your password. Use the password for a limited time and change it periodically. Choose a hard-to-guess password.
Passwd will try to prevent you from choosing a really bad password, but it isn't foolproof; create your password wisely.
Don't use something you'd find in a dictionary (in any language or jargon). Don't use a name (including that of a spouse, parent, child, pet, fantasy character, famous person, and location) or any
variation of your personal or account name. Don't use accessible information about you (such as your phone number, license plate, or social security number) or your environment. Don't use a birthday or a simple pattern (such as "qwerty", "abc", or "aaa"). Don't use any of those backwards, followed by a digit, or preceded by a digit. Instead, use a mixture of upper and lower case letters, as well as digits or punctuation. When choosing a new password, make sure it's unrelated to any previous password. Use long passwords (say 8 characters long). You might use a word pair with punctuation inserted, a passphrase (an understandable sequence of words), or the first
letter of each word in a passphrase.
These principles are partially enforced by the system, but only partly so. Vigilence on your part will make the system much more secure."
If these rules of construction are not clear or do not approach then сhange password for user from root account ('passwd username' when logged root), To enter the simple password and not paying attention to warnings of the system repeat this once again.
Um, /etc/login.defs is from the shadow-utils package.... the message about BAD passwd is from pam_cracklib (since RH7.2 uses pluggable authentication modules), so it (login.defs) isn't relevant to this question.
Look at the possible parameters to pam_cracklib (set in /etc/pam.d/passwd (or if pam_stack is used as it is in RH7.1, /etc/pam.d/system-auth)) and the effect of different values in the /usr/share/doc/pam-*/txts/
As you'll see there are several options pertaining to this question.
Specifically look at section 6.3.3, * minlen=N ...
There it is stated that there is a hardcoded limit ("way to short") set to 4, and a defined limit set to 6. This means that even if you do as they suggest, and recompile cracklib and pam_cracklib, your shortest possible password would still be 5 characters.
So it looks like you'll have to live with it.
-- Glenn
Look at the possible parameters to pam_cracklib (set in /etc/pam.d/passwd (or if pam_stack is used as it is in RH7.1, /etc/pam.d/system-auth)) and the effect of different values in the /usr/share/doc/pam-*/txts/
As you'll see there are several options pertaining to this question.
Specifically look at section 6.3.3, * minlen=N ...
There it is stated that there is a hardcoded limit ("way to short") set to 4, and a defined limit set to 6. This means that even if you do as they suggest, and recompile cracklib and pam_cracklib, your shortest possible password would still be 5 characters.
So it looks like you'll have to live with it.
-- Glenn
Or stop using pam ... at least for checking passwords.
I wouldn't recommend that though. Insecure and messy.
-- Glenn
I wouldn't recommend that though. Insecure and messy.
-- Glenn
What did you end up doing Dennis (he asked, 10 months later:)?
-- Glenn (Who is going through the "real-old-unlocked-questio
-- Glenn (Who is going through the "real-old-unlocked-questio
ASKER
The problem was on creating user password in GNOME interface. It still requires 6 or more characters long password. But, here is my solution. I was able to reset the user password on command-line prompt using 2 or more characters.
That it was a GUI app missbehaving is new information, that you should have shared earlier. From reading your comments, this is not evident, and furthermore... well, it doesn't look like that, from the comments.
No matter.
If none of the suggestions/information helped you on your way, I'd suggest you have Community Support PAQ this, and refund your points.
-- Glenn
No matter.
If none of the suggestions/information helped you on your way, I'd suggest you have Community Support PAQ this, and refund your points.
-- Glenn
wengcheok:
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.
This question has been classified abandoned. I will make a recommendation to the moderators on its resolution in a week or two. I appreciate any comments that would help me to make a recommendation.
Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.
If the user does not know how to close the question, the options are here:
https://www.experts-exchange.com/help/closing.jsp
drewber
Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.
If the user does not know how to close the question, the options are here:
https://www.experts-exchange.com/help/closing.jsp
drewber
As per my earlier recommendation, if none of the comments were of any help... :-).
-- Glenn
-- Glenn
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:
PAQ - no points refunded
Please leave any comments here within the next four days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
paullamhkg
EE Cleanup Volunteer
I will leave the following recommendation for this question in the Cleanup topic area:
PAQ - no points refunded
Please leave any comments here within the next four days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
paullamhkg
EE Cleanup Volunteer
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.