The Geek Diary

“BAD PASSWD : is too simple” – error during password change in CentOS/RHEL 7 and 8

by admin

Question: How to avoid the warning “BAD PASSWD : is too simple” when changing a password in Linux?

1. Modify the configuration files /etc/pam.d/password-auth and /etc/pam.d/system-auth to set the password complexity.

# vi /etc/pam.d/password-auth

The following content is displayed:

auth        required      pam_env.so
auth        sufficient    pam_unix.so try_first_pass nullok
auth        required      pam_deny.so
account     required      pam_unix.so
#password   requisite     pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=0 enforce_for_root
password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

Add a comment tag (#) before the pam_cracklib.so line in the password-auth configuration file to comment out the line.

# vi /etc/pam.d/system-auth

The following content is displayed:

auth        required      pam_env.so
auth        sufficient    pam_unix.so try_first_pass nullok
auth        required      pam_deny.so
account     required      pam_unix.so
#password   requisite     pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=0 enforce_for_root
#password   requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow use_authtok
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

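Add a comment tag (#) before the pam_cracklib.so and pam_pwquality.so lines in the system-auth configuration file to comment them out.

Remove the use_authtok parameter from the line below. use_authtok makes pam_unix.so take the new password from a previously stacked password module, and with the quality modules commented out there is no such module: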

password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow use_authtok

The parameters on the pam_cracklib.so and pam_pwquality.so lines control user password complexity; enforce_for_root means that the root user's password must also meet the complexity requirements.

Note: Lowering the password complexity exposes the system to risk.
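
To confirm afterwards which state a host is in, the following added example (not part of the original article) scans the password stack of a PAM file and reports commented-out pam_cracklib.so/pam_pwquality.so lines and pam_unix.so lines that still carry use_authtok with no active quality module above them. The function name and finding labels are illustrative, and the sample input is constructed from the lines shown above.

```shell
#!/bin/sh
# Added example (not from the article): report a relaxed PAM password stack.
# Findings printed, one per line:
#   QUALITY_DISABLED line N   - pam_cracklib.so/pam_pwquality.so password line is commented out
#   ORPHAN_USE_AUTHTOK line N - pam_unix.so keeps use_authtok with no active quality module above it
#   NO_QUALITY_MODULE         - the password stack has no active quality module at all
audit_pam_password_stack() {
    awk '
        /^[[:space:]]*#[[:space:]]*password[[:space:]]/ && /pam_(cracklib|pwquality)\.so/ {
            print "QUALITY_DISABLED line " NR
            next
        }
        /^[[:space:]]*#/ { next }                      # skip every other comment line
        $1 == "password" && /pam_(cracklib|pwquality)\.so/ { active = 1 }
        $1 == "password" && /pam_unix\.so/ && !active {
            for (i = 3; i <= NF; i++)
                if ($i == "use_authtok") { print "ORPHAN_USE_AUTHTOK line " NR; break }
        }
        END { if (!active) print "NO_QUALITY_MODULE" }
    ' "$1"
}

# Constructed sample: the system-auth password lines after commenting out the
# quality modules but before removing use_authtok.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#password   requisite     pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=0 enforce_for_root
#password   requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow use_authtok
password    required      pam_deny.so
EOF
audit_pam_password_stack "$sample"
rm -f "$sample"
```

On a real host, pass /etc/pam.d/system-auth and /etc/pam.d/password-auth to the function; no output means an active quality module is present and none is commented out.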

© 2022 · The Geek Diary