Experts Exchange connects you with the people and services you need so you can get back to work.
Improve company productivity with a Business Account.Sign Up
WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network. Check out this quarters report on the threats that shook the industry in Q4 2017.
[root@ms1 ~]# ls /etc/pam.d/
atd eject other reboot screen ssh-keycat system-auth
chfn fingerprint-auth passwd remote smartcard-auth su system-auth-ac
chsh fingerprint-auth-ac password-auth rhn_register smartcard-auth-ac subscription-manager
config-util halt password-auth-ac run_init smtp sudo
crond login polkit-1 runuser smtp.postfix sudo-i
cvs newrole poweroff runuser-l sshd su-l
Open in new window
How do I change the default password length?
Updated August 18 2005 at 10:00 PM
The default password length is usually 8 characters. In order to improve security longer passwords can be enforced. Pluggable Authentication Module (PAM) is used for login authentication. We will make changes to the pam_cracklib module to control how the user authenticates.
Important: Make sure to make a backup of your /lib/security directory and your /etc/pam.d/system-auth before making any changes. Making changes to PAM can cause a system to become inaccessible.
Create backup then list contents of the tar file:
# tar -cvf backup.tar /etc/pam.d/system-auth /lib/security/*
# tar -tf backup.tar
Open file /etc/pam.d/system-auth file with an editor such as vi. Inside the /etc/pam.d/system-auth file you will find line:
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type=
Replace the line with:
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=10
Make the changes carefully. If a change is made and the system becomes inaccessible, go into rescue mode and replace the files with the backup files previously created.
Once the proper changes have been made to the system-auth file and everything is working as desired, a backup of the new system-auth should be made. If the authconfig command is used, it will overwrite the system-auth file.
If a single digit number is used in the password, an extra character must be used in the password.
More detailed information about Pluggable Authentication Module can be found in additional Knowledgebase articles.
Additional reference material can be found at: http://www.puschitz.com/SecuringLinux.shtml#EnforcingStrongerPasswords
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Please enter a first name
Please enter a last name
Must be at least 4 characters long.
Join and Comment
From novice to tech pro — start learning today.
Premium members can enroll in this course at no extra cost.