I am checking the password complexity of ocredit in /etc/pam.d/password-auth which is this line :

password   requisite pam_pwquality.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=1 gecoscheck=1

I would like to grep the ocredit value "1" and make it as variable, let say check_ocredit.

My script would be checking, if the ocredit value is not 0, then it will return "true", otherwise, it will show what is the current value set in /etc/pam.d/password-auth.

Here's my logic that I'm going to implement :

if [[ $check_ocredit -ne "0" ]]

then

   true

else

   echo "Current ocredit value is : $check_ocredit"

fi

The output will looks like this :

Current ocredit value is : 1

I try with :

grep ocredit /etc/pam.d/password-auth | awk '{print $10}' | awk -F "=" '{print $2}'

But I was thinking, what if ocredit is missing, or it is not at 10th position.. so my result would be wrong. Can anyone advice me on this?