blob: 12074cebea4d85220a9409edc5e1e443d595c734 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
diff -Naru orig/src/pwquality.conf new/src/pwquality.conf
--- orig/src/pwquality.conf 2018-04-25 09:22:11.713803238 -0500
+++ new/src/pwquality.conf 2018-04-25 09:37:00.997776911 -0500
@@ -1,41 +1,51 @@
+# Original values are commented out. Minimum password length can be six
+# characters with this configuration if there is enough complexity.
+#
# Configuration for systemwide password quality limits
-# Defaults:
#
# Number of characters in the new password that must not be present in the
# old password.
# difok = 1
+difok = 6
#
# Minimum acceptable size for the new password (plus one if
# credits are not disabled which is the default). (See pam_cracklib manual.)
# Cannot be set to lower value than 6.
# minlen = 8
+minlen = 10
#
# The maximum credit for having digits in the new password. If less than 0
# it is the minimum number of digits in the new password.
# dcredit = 0
+dcredit = 1
#
# The maximum credit for having uppercase characters in the new password.
# If less than 0 it is the minimum number of uppercase characters in the new
# password.
# ucredit = 0
+ucredit = 1
#
# The maximum credit for having lowercase characters in the new password.
# If less than 0 it is the minimum number of lowercase characters in the new
# password.
# lcredit = 0
+lcredit = 1
#
# The maximum credit for having other characters in the new password.
# If less than 0 it is the minimum number of other characters in the new
# password.
-# ocredit = 0
+# lcredit = 0
+ocredit = 1
#
# The minimum number of required classes of characters for the new
# password (digits, uppercase, lowercase, others).
# minclass = 0
+minclass = 3
#
# The maximum number of allowed consecutive same characters in the new password.
# The check is disabled if the value is 0.
# maxrepeat = 0
+maxrepeat = 2
#
# The maximum number of allowed consecutive characters of the same class in the
# new password.
@@ -45,6 +55,7 @@
# Whether to check for the words from the passwd entry GECOS string of the user.
# The check is enabled if the value is not 0.
# gecoscheck = 0
+gecoscheck = 1
#
# Path to the cracklib dictionaries. Default is to use the cracklib default.
# dictpath =
|
