How to Require Unique Passwords

Could you try your luck in helping me find a way to require unique passwords on Red Hat?  Everything I've found so far is advice on CHOOSING a unique password - nothing so far on requiring that your users choose one.
MgBoonsboroAsked:
Who is Participating?
 
m1tk4Commented:
I see :) . Add this:

password     required     pam_cracklib.so retry=3 minlength=10

to /etc/pam.d/passwd

.
0
 
CoccoBillCommented:
I believe RedHat (Fedora?) uses pam_cracklib: http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html
0
 
TintinCommented:
Depends a little on what you consider to be a "unique" password.  Do you mean that no one else on the system should have the same password as anyone else?
0
 
m1tk4Commented:
You can not do that, and, realistically, it would make very little sense if you could.

If you enforced the rule, the error message would alert the user that the password already exists. From there, it's only one step to try all usernames in /etc/passwd which is world-readable.

The encrypted passwords in /etc/shadow use username/uid as part of crypt salt, so even if 2 different users do have the same password, their hashes would look different in that file.
0
 
TintinCommented:
I realise that unique passwords would be very silly, I suspect "unique" should read "strong".
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.