Yolinux.com

pwquality.conf manpage

Search topic Section


PWQUALITY.CONF(5)	      File Formats Manual	     PWQUALITY.CONF(5)



NAME
       pwquality.conf - configuration for the libpwquality library

SYNOPSIS
       /etc/security/pwquality.conf

DESCRIPTION
       pwquality.conf provides a way to configure the default password quality
       requirements for the system passwords. This file is read by  the	 libp-
       wquality	 library  and utilities that use this library for checking and
       generating passwords.

       The file has a very simple name = value format with  possible  comments
       starting with # character. The whitespace at the beginning of line, end
       of line, and around the = sign is ignored.


OPTIONS
       The possible options in the file are:

	   difok
	       Number of characters in the  new	 password  that	 must  not  be
	       present in the old password. (default 5)

	   minlen
	       Minimum acceptable size for the new password (plus one if cred-
	       its are not disabled which is the  default).  (See  pam_pwqual-
	       ity(8).)	 Cannot be set to lower value than 6. (default 9)

	   dcredit
	       The  maximum  credit  for having digits in the new password. If
	       less than 0 it is the minimum number of digits in the new pass-
	       word. (default 1)

	   ucredit
	       The  maximum  credit for having uppercase characters in the new
	       password.  If less than 0 it is the minimum number of uppercase
	       characters in the new password. (default 1)

	   lcredit
	       The  maximum  credit for having lowercase characters in the new
	       password.  If less than 0 it is the minimum number of lowercase
	       characters in the new password. (default 1)

	   ocredit
	       The maximum credit for having other characters in the new pass-
	       word.  If less than 0 it is the minimum number of other charac-
	       ters in the new password. (default 1)

	   minclass
	       The  minimum  number  of required classes of characters for the
	       new password (digits, uppercase, lowercase,  others).  (default
	       0)

	   maxrepeat
	       The  maximum  number  of allowed same consecutive characters in
	       the new password.  The check is disabled if  the	 value	is  0.
	       (default 0)

	   maxsequence
	       The  maximum length of monotonic character sequences in the new
	       password.  Examples of such sequence are	 '12345'  or  'fedcb'.
	       Note  that  most	 such  passwords  will not pass the simplicity
	       check unless the sequence is only a minor part of the password.
	       The check is disabled if the value is 0. (default 0)

	   maxclassrepeat
	       The  maximum  number  of	 allowed consecutive characters of the
	       same class in the new password.	The check is disabled  if  the
	       value is 0. (default 0)

	   gecoscheck
	       If  nonzero,  check  whether the words longer than 3 characters
	       from the GECOS field of the user's passwd entry	are  contained
	       in  the new password.  The check is disabled if the value is 0.
	       (default 0)

	   badwords
	       Space separated list of words that must not be contained in the
	       password. These are additional words to the cracklib dictionary
	       check. This setting can be also used by applications to emulate
	       the gecos check for user accounts that are not created yet.

	   dictpath
	       Path to the cracklib dictionaries. Default is to use the crack-
	       lib default.


SEE ALSO
       pwscore(1), pwmake(1), pam_pwquality(8)


AUTHORS
       Tomas Mraz <tmraz@redhat.com>



Red Hat, Inc.			  10 Nov 2011		     PWQUALITY.CONF(5)