On Apache
Under GNU General Public License
2024-04-27 01:43 @52.15.59.163 CrawledBy Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
PWQUALITY.CONF(5) File Formats Manual PWQUALITY.CONF(5)
NAME
pwquality.conf - configuration for the libpwquality library
SYNOPSIS
/etc/security/pwquality.conf
DESCRIPTION
pwquality.conf provides a way to configure the default password quality requirements for
the system passwords. This file is read by the libpwquality library and utilities that use
this library for checking and generating passwords.
The file has a very simple name = value format with possible comments starting with #
character. The whitespace at the beginning of line, end of line, and around the = sign is
ignored.
OPTIONS
The possible options in the file are:
difok
Number of characters in the new password that must not be present in the old pass-
word. (default 5)
minlen
Minimum acceptable size for the new password (plus one if credits are not disabled
which is the default). (See pam_pwquality(8).) Cannot be set to lower value than
6. (default 9)
dcredit
The maximum credit for having digits in the new password. If less than 0 it is the
minimum number of digits in the new password. (default 1)
ucredit
The maximum credit for having uppercase characters in the new password. If less
than 0 it is the minimum number of uppercase characters in the new password.
(default 1)
lcredit
The maximum credit for having lowercase characters in the new password. If less
than 0 it is the minimum number of lowercase characters in the new password.
(default 1)
ocredit
The maximum credit for having other characters in the new password. If less than
0 it is the minimum number of other characters in the new password. (default 1)
minclass
The minimum number of required classes of characters for the new password (digits,
uppercase, lowercase, others). (default 0)
maxrepeat
The maximum number of allowed same consecutive characters in the new password.
The check is disabled if the value is 0. (default 0)
maxsequence
The maximum length of monotonic character sequences in the new password. Examples
of such sequence are '12345' or 'fedcb'. Note that most such passwords will not
pass the simplicity check unless the sequence is only a minor part of the pass-
word. The check is disabled if the value is 0. (default 0)
maxclassrepeat
The maximum number of allowed consecutive characters of the same class in the new
password. The check is disabled if the value is 0. (default 0)
gecoscheck
If nonzero, check whether the words longer than 3 characters from the GECOS field
of the user's passwd entry are contained in the new password. The check is dis-
abled if the value is 0. (default 0)
badwords
Space separated list of words that must not be contained in the password. These
are additional words to the cracklib dictionary check. This setting can be also
used by applications to emulate the gecos check for user accounts that are not
created yet.
dictpath
Path to the cracklib dictionaries. Default is to use the cracklib default.
SEE ALSO
pwscore(1), pwmake(1), pam_pwquality(8)
AUTHORS
Tomas Mraz <tmraz AT redhat.com>
Red Hat, Inc. 10 Nov 2011 PWQUALITY.CONF(5)
Generated by $Id: phpMan.php,v 4.55 2007/09/05 04:42:51 chedong Exp $ Author: Che Dong
On Apache
Under GNU General Public License
2024-04-27 01:43 @52.15.59.163 CrawledBy Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)