The Geek Diary

“BAD PASSWD : is too simple” – error during password change in CentOS/RHEL 7 and 8

by admin

Question: How to avoid the warning “BAD PASSWD : is too simple” when changing a password in Linux?

1. Modify the configuration files /etc/pam.d/password-auth and /etc/pam.d/system-auth to set the password complexity.

# vi /etc/pam.d/password-auth

The following content is displayed:

auth        required      pam_env.so
auth        sufficient    pam_unix.so try_first_pass nullok
auth        required      pam_deny.so
account     required      pam_unix.so
#password   requisite     pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=0 enforce_for_root
password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

Add a comment tag (#) before the pam_cracklib.so line in the password-auth configuration file to comment out the line.

# vi /etc/pam.d/system-auth

The following content is displayed:

auth        required      pam_env.so
auth        sufficient    pam_unix.so try_first_pass nullok
auth        required      pam_deny.so
account     required      pam_unix.so
#password   requisite     pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=0 enforce_for_root
#password   requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow use_authtok
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

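Add a comment tag (#) before the pam_cracklib.so and pam_pwquality.so lines in the system-auth configuration file to comment them out.

Remove the use_authtok parameter from this line. With the quality-checking modules commented out, no earlier module in the stack collects the new password, so pam_unix.so must prompt for it itself: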

password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow use_authtok

The parameters on the pam_cracklib.so and pam_pwquality.so lines control user password complexity. The enforce_for_root parameter means that the root user's password must also meet the complexity requirements.

Note: Lowering password complexity requirements can introduce risk to the system.
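
To check which state a host's password stack is in, the following added example (not from the original article) audits a PAM service file for a commented-out quality module and for use_authtok left on pam_unix.so with nothing stacked before it. The function names, finding labels and sample stack are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit the PAM "password" stack.
# Reads a PAM service file ($1) or stdin; prints findings, returns 1 if any.
audit_pam_password_stack() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        commented = sub(/^#+[ \t]*/, "", line)   # 1 if the line was commented out
        n = split(line, f, /[ \t]+/)
        if (n < 3 || (f[1] != "password" && f[1] != "-password")) next
        is_quality = (line ~ /pam_(pwquality|cracklib)\.so/)
        if (commented) {
            # A disabled quality module is the change this article makes.
            if (is_quality) { printf "DISABLED line %d: %s\n", NR, $0; bad = 1 }
            next
        }
        if (is_quality) { quality = 1; next }
        if (line ~ /pam_unix\.so/ && !quality)
            for (i = 3; i <= n; i++)
                if (f[i] == "use_authtok") {
                    # use_authtok needs an earlier module to have collected the new password.
                    printf "ORPHAN_USE_AUTHTOK line %d: nothing stacked before pam_unix.so\n", NR
                    bad = 1
                    break
                }
    }
    END {
        if (!quality) { print "NO_QUALITY_MODULE: new passwords are not complexity-checked"; bad = 1 }
        exit bad + 0
    }' "${1:--}"
}

# Constructed sample: password section after commenting out pam_pwquality.so
# but leaving use_authtok on pam_unix.so.
sample_weak_stack() {
    cat <<'EOF'
auth        required      pam_env.so
#password   requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password    required      pam_deny.so
EOF
}

sample_weak_stack | audit_pam_password_stack || echo "findings reported above"
```

Run it against a real file with `audit_pam_password_stack /etc/pam.d/system-auth`; a zero exit status with no output means an active quality module precedes pam_unix.so.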
