Thursday, May 2, 2024
Homepage · password
 Popular · Latest · Hot · Upcoming
76
rated 0 times [  76] [ 0]  / answers: 1 / hits: 160304  / 2 Years ago, tue, january 4, 2022, 5:53:58

I know that it is a "bad" idea, I know that it is not secure, I know. I searched the net for an answer and all I saw was whining that it's not good. But I like using Linux because it lets me make the system I want and like to use. The end of intro.


I try to change password:


user:~% passwd

Changing password for user.

(current) UNIX password:

Enter new UNIX password:

Retype new UNIX password:

You must choose a longer password

If I try sudo passwd user then I can set any password I want so I don't need password complexity checks for passwd on my system.


After googling I've found that there should be PAM module pam_cracklib that tests password for complexity and it can be configured. But my PAM password settings doesn't include pam_cracklib:


% cat /etc/pam.d/passwd | grep '^[^#]'

@include common-password

% cat /etc/pam.d/common-password | grep '^[^#]'

password    [success=1 default=ignore]  pam_unix.so obscure sha512

password    requisite           pam_deny.so

password    required            pam_permit.so

password    optional    pam_gnome_keyring.so

I guess that pam_unix makes this test... Oops... Guys, the moment I finished to write this sentence I've got an enlightenment and typed man pam_unix in terminal
where I've found needed options for pam_unix module.


I just removed option obscure and added minlen=1 and now I'm happy. So now I have this line in /etc/pam.d/common-password:


password    [success=1 default=ignore]  pam_unix.so minlen=1 sha512

and I can set any password.


I decided to keep this post for people who might need this solution also.


More From » password
 Answers
3

Ok, I will answer my question :)



I've found that pam_unix module performs password complexity check and it can be configured.



man pam_unix:



   minlen=n

       Set a minimum password length of n characters. The default value is

       6. The maximum for DES crypt-based passwords is 8 characters.



   obscure

       Enable some extra checks on password strength. These checks are

       based on the "obscure" checks in the original shadow package. The

       behavior is similar to the pam_cracklib module, but for

       non-dictionary-based checks.


Solution:

Alter the line in the pam_unix module in the /etc/pam.d/common-password file to:



password    [success=1 default=ignore]  pam_unix.so minlen=1 sha512


It allows you to set any password with minimal length of 1.


[#39814] Wednesday, January 5, 2022, 2 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
defendle
Add To Favorites
Follow
Total Points: 219
Total Questions: 131
Total Answers: 112
Location: Finland
Member since Sat, Nov 6, 2021
3 Years ago
;