Archive for the tag 'password'

SBDavid

Password Quality Requirements

The default pam_cracklib PAM module provides strength checking for passwords. It performs a number of checks, such as making sure passwords are not similar to dictionary words, are of at least a certain length, are not the previous password reversed, and are not simply a change of case from the previous password. It can also require passwords to be in certain character classes.

The pam_passwdqc PAM module provides the ability to enforce even more stringent password strength requirements.

It is provided in an RPM of the same name.

The man pages pam_cracklib(8) and pam_passwdqc(8) provide information on the capabilities and configuration of each.

SBDavid

Using the Password Generator

cPanel provides a helpful tool for generating secure passwords that are difficult for malicious users to guess. You can use the Password Generator anywhere the button is available.

When the Password Generator button is clicked, the new password will appear in the text box within the pop-up window. If the password in the text box is not suitable, you can click Generate Password as many times as you like, until you are satisfied with the password.

To dictate the contents of the new password:

1. Click Advanced Options.
2. Click the checkboxes to include or leave out uppercase letters, lowercase letters, numbers, or symbols. You can specify the length of the password in the Length text box.
3. Click the checkbox at the bottom of the pop-up window if you have copied the password to a safe place.
4. Click Use Password to use the password you have just generated.

How to set up the admin’s password using GUI if you do not know the current admin’s password:

Log in to the Panel using the server power user credentials.
If you already have at least one subscription of your own, skip this step. Otherwise, create a subscription:

1. In the left frame, click Hosting Services > Subscriptions.
2. Click Add New Subscription.
3. Specify a website and subscription info and click OK.

Go to the Control Panel: click the Control Panel link next to your subscription.
Go to the Users tab.
Click the ‘Admin’ link in the list of user accounts.
Under the Panel Preferences, type in the new password and its confirmation, and click OK.

How to set up the admin’s password using CLI After Installation

When Parallels Plesk Panel is installed, a random password is generated for the user ‘admin’. This replaces the old scheme, in which the same default password was used on all installations. The change was made to protect servers with a freshly installed Panel from hacking by bots that use the default password.

After the installation is finished, you can set the admin’s password while authenticated in the Panel with the credentials of the server’s system power user, that is, “root” on Linux systems.

The admin’s password can be set up during the Panel initialization (this is the best way), or afterwards.

Issue the following command (you should have the power user privileges):

On Linux/Unix:

PSA_PASSWORD=[new_password] /usr/local/psa/bin/init_conf --set-admin-password -passwd ''

Reference: http://parallels.com/

Password Aging under Red Hat Enterprise Linux

Password aging is another technique used by system administrators to defend against bad passwords within an organization. Password aging means that after a specified period (usually 90 days), the user is prompted to create a new password. The theory behind this is that if a user is forced to change his password periodically, a cracked password is only useful to an intruder for a limited amount of time. The downside to password aging, however, is that users are more likely to write their passwords down.

There are two primary programs used to specify password aging under Red Hat Enterprise Linux: the chage command or the graphical User Manager (system-config-users) application. The -M option of the chage command specifies the maximum number of days the password is valid. For example, to set a user’s password to expire in 90 days, use the following command:

chage -M 90 [username]

In the above command, replace [username] with the name of the user. To disable password expiration, it is traditional to use a value of 99999 after the -M option (this equates to a little over 273 years). You can also use the chage command in interactive mode to modify multiple password aging and account details. Use the following command to enter interactive mode:

chage [username]

The following is a sample interactive session using this command:

[root@buddy ~]# chage buddy
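
The -M limit and the 99999 "never expires" convention described above can be checked across all accounts at once. The following is an added example, not part of the original article: a shell function that reads shadow(5)-format lines and lists accounts whose aging settings fall outside a 90-day policy. The names audit_aging and MAX_DAYS and the sample accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit password-aging settings in shadow(5)-format input.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

MAX_DAYS=90   # policy value, matching "chage -M 90" in the text

# Constructed sample data (not real accounts or hashes).
SAMPLE_SHADOW='root:$6$constructed$hash:19000:0:99999:7:::
buddy:$6$constructed$hash:19800:0:90:7:::
alice:$6$constructed$hash:19800:0:365:7:::
carol:$6$constructed$hash:19000:0:90:7:::
daemon:*:18000:0:99999:7:::
backup:!!:18000:0:99999:7:::'

# audit_aging [today] < shadow-format lines
# "today" is days since 1970-01-01 and defaults to the current date.
# Prints "user<TAB>finding" for each account that violates the policy.
audit_aging() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v max="$MAX_DAYS" -v today="$today" '
        # Skip locked accounts and accounts with no password login.
        $2 ~ /^[!*]/ { next }
        # Empty or 99999 maximum age: the password never expires.
        $5 == "" || $5 + 0 >= 99999 { print $1 "\tnever-expires"; next }
        # Maximum age is set, but is longer than the policy allows.
        $5 + 0 > max + 0 { print $1 "\tmax-age-" $5 "-exceeds-" max; next }
        # Within policy, but the last change is older than the maximum age.
        $3 + 0 > 0 && $3 + $5 < today + 0 { print $1 "\texpired" }
    '
}

# Audit the sample with a fixed "today" so the result is reproducible.
printf '%s\n' "$SAMPLE_SHADOW" | audit_aging 19850
```

On a live system, run it as root with `audit_aging < /etc/shadow`, and confirm an individual account with `chage -l [username]`.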
