How to Require Unique Passwords

Posted on 2007-08-08
Last Modified: 2013-12-16
Could you try your luck in helping me find a way to require unique passwords on Red Hat?  Everything I've found so far is advice on CHOOSING a unique password - nothing so far on requiring that your users choose one.
Question by:MgBoonsboro
    LVL 19

    Expert Comment

    I believe RedHat (Fedora?) uses pam_cracklib:
    LVL 48

    Expert Comment

    Depends a little on what you consider to be a "unique" password.  Do you mean that no one else on the system should have the same password as anyone else?
    LVL 15

    Expert Comment

    You can not do that, and, realistically, it would make very little sense if you could.

    If you enforced the rule, the error message would alert the user that the password already exists. From there, it's only one step to try all usernames in /etc/passwd which is world-readable.

    The encrypted passwords in /etc/shadow use username/uid as part of crypt salt, so even if 2 different users do have the same password, their hashes would look different in that file.
    LVL 48

    Expert Comment

    I realise that unique passwords would be very silly, I suspect "unique" should read "strong".
    LVL 15

    Accepted Solution

    I see :) . Add this:

    password     required retry=3 minlength=10

    to /etc/pam.d/passwd


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now