Password Quality Requirements

The default pam cracklib PAM module provides strength checking for passwords. It performs a number of checks, such as making sure passwords are not similar to dictionary words, are of at least a certain length, are not the previous password reversed, and are not simply a change of case from the previous password. It can also require passwords to be in certain character classes.

The pam passwdqc PAM module provides the ability to enforce even more stringent password strength requirements.

It is provided in an RPM of the same name.

The man pages pam cracklib(8) and pam passwdqc(8) provide information on the capabilities and configuration of each.

Comments are closed.