How to Check Password Modification Complexity

Password modification complexity check

The corresponding password policy modules of Linux are: PAM_ Passwdqc and PAM_ pwquality . PAM_The passwdqc module corresponds to /etc/login.defs ,pam_ Pwquality corresponds to /etc/security/pwquality.conf

Module adding method: etc/pam.d/passwd

vi /etc/pam.d/passwd
password required pam_pwquality.so retry=3

or

echo "password required pam_pwquality.so retry=3" >> /etc/pam.d/passwd

Open the password complexity verification configuration file / etc / security/ pwquality.conf

vi /etc/security/pwquality.conf
retry=3Defines the number of retries that can be made if the login/change password fails.
Difok=0#defines that there must be several characters in the new password to be different from the old one. but if more than 1/2 of the characters in the new password are different from the old one, that new password will be accepted.
minlen=0#defines the minimum length of the user's password.
dcredit=0#defines how many digits must be included in the user's password.
ucredit=0#defines how many uppercase letters must be included in the user's password.
lcredit=0#defines how many lowercase letters must be included in the user's password.
ocredit=0# defines how many special characters (other than numbers and letters) must be included in the user's password.
# where =-1 means that at least one

Modify password validity file/etc/login.defs

PASS_MAX_DAYS   99999     #The maximum validity of the password, 99999: permanent period
PASS_MIN_DAYS 0 # whether the password can be changed, 0 can be changed, non-0 how many days after the password can be changed
PASS_MIN_LEN 5 #Minimum length of password, use pam_cracklib module, this parameter is no longer valid
PASS_WARN_AGE 7 # how many days before the password expires to notify the user to change the password when they log in

Read More: