• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 533
  • Last Modified:

Password too short error.

Hi expert,

I have RedHat Linux 7.2 installed.  When I create a new user and password.  I got “password too short” error message when I put 4 characters in the password field. I have to put 6 or more characters.  Have any ideas how to fix it?  Thanks in advance! –Dennis
0
wengcheok
Asked:
wengcheok
1 Solution
 
RobsonCommented:
Change password for user from root account ('passwd user' when logged root).
0
 
petereileringCommented:
/etc/login.defs

PASS_MIN_LEN 5 (this is default)
change it to your needs :-)
0
 
wengcheokAuthor Commented:
petereilering,

Thank you for your help.  That was it.  I am wondering if I want to write a shell script to add 50 users in once.  What steps should I need to do or have any ideas how to do it?  Just a thought!
useradd –u uid -g gid -d /home -s /bin/tcsh -m -r user1

Thank you in advance! –Dennis
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
wengcheokAuthor Commented:
It was too early to say.  I am still getting the 'PASSWORD TOO short' error message.  I already tried change PASS_MIN_LEN 0 instead of 5.  What other directories or files I need to do the changes?  Any suggestions?  Thanks in advance!
0
 
Vinni-PuxCommented:
Information from "man passwd" :-)
"Remember the following two principles:
Protect  your password.
Don't write down your password - memorize it.
In particular, don't write it down and leave it anywhere, and don't
place it in an unencrypted file!  Use unrelated passwords for
systems controlled by different organizations.  Don't give or share your
password, in particular to someone claiming to be from
computer support or a vendor.  Don't let anyone watch you enter your password.  Don't enter your password to a computer you don't trust or if things "look funny"; someone may be trying to hijack your password. Use the password for a limited time and change it periodically. Choose a hard-to-guess password.
Passwd will try to prevent you from choosing a really bad password, but it isn't foolproof; create your password wisely.
Don't use something you'd find in a dictionary (in any language or jargon). Don't use a name (including that of a spouse, parent, child, pet, fantasy character, famous person, and location) or any
variation of your personal or account name.  Don't use accessible information about you (such as your phone number, license plate, or social security number) or your environment.  Don't use a birthday or a simple pattern (such as "qwerty", "abc", or "aaa").  Don't use any of those backwards, followed by a digit, or preceded by a digit. Instead, use a mixture of upper and lower case letters, as well as digits or punctuation.  When choosing a new password, make sure it's unrelated to any previous password. Use long passwords (say 8 characters long).  You might use a word pair with punctuation inserted, a passphrase (an understandable sequence of words), or the first
letter of each word in a passphrase.
     These principles are partially enforced by the system, but only partly so. Vigilence on your part will make the system much more secure."
  If these rules of construction are not clear or do not approach then сhange password for user from root account ('passwd username' when logged root), To enter the simple password and not paying attention to warnings of the system repeat this once again.
0
 
GnsCommented:
Um, /etc/login.defs is from the shadow-utils package.... the message about BAD passwd is from pam_cracklib (since RH7.2 uses pluggable authentication modules), so it (login.defs) isn't relevant to this question.

Look at the possible parameters to pam_cracklib (set in /etc/pam.d/passwd (or if pam_stack is used as it is in RH7.1, /etc/pam.d/system-auth)) and the effect of different values in the /usr/share/doc/pam-*/txts/README.pam_cracklib file, and in section 6.3 of the /usr/share/doc/pam-*/txts/pam.txt file.
As you'll see there are several options pertaining to this question.

Specifically look at section 6.3.3, * minlen=N ...
There it is stated that there is a hardcoded limit ("way to short") set to 4, and a defined limit set to 6. This means that even if you do as they suggest, and recompile cracklib and pam_cracklib, your shortest possible password would still be 5 characters.

So it looks like you'll have to live with it.

-- Glenn
0
 
GnsCommented:
Or stop using pam ... at least for checking passwords.

I wouldn't recommend that though. Insecure and messy.

-- Glenn
0
 
GnsCommented:
What did you end up doing Dennis (he asked, 10 months later:)?

-- Glenn (Who is going through the "real-old-unlocked-questions" he has commented in)
0
 
wengcheokAuthor Commented:
The problem was on creating user password in GNOME interface.  It still requires 6 or more characters long password.  But, here is my solution.  I was able to reset the user password on command-line prompt using 2 or more characters.
0
 
GnsCommented:
That it was a GUI app missbehaving is new information, that you should have shared earlier. From reading your comments, this is not evident, and furthermore... well, it doesn't look like that, from the comments.
No matter.
If none of the suggestions/information helped you on your way, I'd suggest you have Community Support PAQ this, and refund your points.

-- Glenn
0
 
CleanupPingCommented:
wengcheok:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
drewberCommented:
This question has been classified abandoned. I will make a recommendation to the moderators on its resolution in a week or two. I appreciate any comments that would help me to make a recommendation.
 

Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.

 
If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp
 
drewber
0
 
GnsCommented:
As per my earlier recommendation, if none of the comments were of any help... :-).

-- Glenn
0
 
paullamhkgCommented:
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

PAQ - no points refunded

Please leave any comments here within the next four days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

paullamhkg
EE Cleanup Volunteer
0
 
Computer101Commented:
PAQed - no points refunded (of 25)

Computer101
E-E Admin
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now