diff -Naru orig/src/pwquality.conf new/src/pwquality.conf --- orig/src/pwquality.conf 2021-02-24 19:02:56.475452913 -0600 +++ new/src/pwquality.conf 2021-02-24 19:02:24.371454075 -0600 @@ -1,41 +1,51 @@ +# Original values are commented out. Minimum password length can be six +# characters with this configuration if there is enough complexity. +# # Configuration for systemwide password quality limits -# Defaults: # # Number of characters in the new password that must not be present in the # old password. # difok = 1 +difok = 6 # # Minimum acceptable size for the new password (plus one if # credits are not disabled which is the default). (See pam_cracklib manual.) # Cannot be set to lower value than 6. # minlen = 8 +minlen = 10 # # The maximum credit for having digits in the new password. If less than 0 # it is the minimum number of digits in the new password. # dcredit = 0 +dcredit = 1 # # The maximum credit for having uppercase characters in the new password. # If less than 0 it is the minimum number of uppercase characters in the new # password. # ucredit = 0 +ucredit = 1 # # The maximum credit for having lowercase characters in the new password. # If less than 0 it is the minimum number of lowercase characters in the new # password. # lcredit = 0 +lcredit = 1 # # The maximum credit for having other characters in the new password. # If less than 0 it is the minimum number of other characters in the new # password. -# ocredit = 0 +# lcredit = 0 +ocredit = 1 # # The minimum number of required classes of characters for the new # password (digits, uppercase, lowercase, others). # minclass = 0 +minclass = 3 # # The maximum number of allowed consecutive same characters in the new password. # The check is disabled if the value is 0. # maxrepeat = 0 +maxrepeat = 2 # # The maximum number of allowed consecutive characters of the same class in the # new password. @@ -45,6 +55,7 @@ # Whether to check for the words from the passwd entry GECOS string of the user. # The check is enabled if the value is not 0. # gecoscheck = 0 +gecoscheck = 1 # # Whether to check for the words from the cracklib dictionary. # The check is enabled if the value is not 0.