Question: How too avoid the warning “BAD PASSWD : is too simple” when changing password in Linux?
1. Modify the configuration file /etc/pam.d/password-auth and /etc/pam.d/system-auth to set the password complexity.
# vi /etc/pam.d/password-auth
The following information are displayed.
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_deny.so
account required pam_unix.so
#password requisite pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=0 enforce_for_root
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
Add a comment tag (#) before the pam_cracklib.so line in the password-auth configuration file to comment out the line.
# vi /etc/pam.d/system-auth
The following information are displayed:
auth required pam_env.so auth sufficient pam_unix.so try_first_pass nullok auth required pam_deny.so account required pam_unix.so #password requisite pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=0 enforce_for_root #password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so
Add a comment tag (#) before the pam_cracklib.so and pam_pwquality.so line in the system-auth configuration file to comment out the line.
Remove use_authtok parameter from this line:
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow use_authtok
Parameter settings in the pam_cracklib.so and pam_pwquality.so line control user password complexity and enforce_for_root indicates that the password of the root user also needs to meet the password complexity requirements.