The Geek Diary

How to add words to the dictionary cracklib uses for validating passwords against known dictionary words

by admin

How can we add additional words to the password dictionary that pam_cracklib checks in Red Hat Enterprise Linux 6?

What is PAM cracklib

Red Hat Enterprise Linux can be configured to verify that passwords cannot be guessed easily. On Red Hat Enterprise Linux this check is performed by the Pluggable Authentication Module (PAM) /lib/security/pam_cracklib.so. It checks to ensure that passwords are a minimum length and verifies that a password does not occur in a dictionary.

The dictionary used by this module is located in /usr/lib/ and is in cracklib format. By default, each of the dictionary files is prefixed with the file name cracklib_dict.

This module has a number of parameters; some of the more useful ones are listed below:

Parameter   Description
minlen      Specifies the minimum length allowed for an account's password
difok       Specifies the minimum number of characters that have to differ from the previous password

For example, add the following line to the /etc/pam.d/system-auth file:

password   required   /lib/security/pam_cracklib.so retry=3 type= minlen=8 difok=3

Note: The type= argument does not need a value unless you want to define this parameter. Defining it will alter the message printed as a prompt to the user.

Additional information about the pam_cracklib module can be found in the system documentation at: /usr/share/doc/pam-/txts/README.pam_cracklib

Adding new words to the cracklib dictionary

Follow the steps below to add words to the dictionary cracklib uses for validating passwords against known dictionary words.

1. Ensure you have the following RPMs installed on your CentOS/RHEL/Fedora server:

pam-1.1.1-22.0.1.el6.x86_64
cracklib-2.8.16-4.el6.x86_64
cracklib-dicts-2.8.16-4.el6.x86_64
words-3.0-17.el6.noarch

Note: the RPM versions will vary according to the OS version.

2. Check whether the word to be added already exists in the dictionary.

# echo "pwd1234@" | cracklib-check
pwd1234@: OK

The “OK” in the output indicates that the new word is not already included in the dictionary.

3. Edit /usr/share/dict/linux.words and add “pwd1234@” at the end of the file.

# vi /usr/share/dict/linux.words
pwd1234@

Verify that the entry has been added to the file:

# tail /usr/share/dict/linux.words
Zyzomys
Zyzzogeton
zyzzyva
zyzzyvas
ZZ
Zz
zZt
ZZZ
pwd1234@

4. Update the cracklib dictionary with the command below:

# create-cracklib-dict /usr/share/dict/linux.words

5. Check once again whether the word has been added to the dictionary:

# echo "pwd1234@" | cracklib-check
pwd1234@: it is based on a dictionary word

The new word is now in the dictionary, as seen from the output above.

6. Now try to set the same password as a regular user as well:

$ passwd
Changing password for user test.
Changing password for test.
(current) UNIX password:
New password: >>>>>>>>>>>>> Input pwd1234@
BAD PASSWORD: it is based on a dictionary word

As you can see from the output above, the new word added to the dictionary cannot be used as a password now.
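
When several words have to be banned at once, steps 2 to 5 can be scripted. The script below is an added example, not part of the original article: it uses the same word list and commands as the steps above, while the script name add-banned-words.sh and the custom word file passed as its argument are assumptions.

```bash
#!/bin/bash
# Added example: batch version of steps 2-5 above.
# WORDLIST is the article's word list; the custom word file ($1) is an assumption.
WORDLIST="${WORDLIST:-/usr/share/dict/linux.words}"

# Append every word in file $1 that is not yet an exact line of $WORDLIST.
# Prints the number of words appended, so a second run prints 0.
add_words() {
    local src="$1" added=0 word
    # Make sure the list ends with a newline so the first new word
    # does not get glued onto the last existing line.
    if [ -n "$(tail -c 1 "$WORDLIST")" ]; then
        echo >> "$WORDLIST"
    fi
    while IFS= read -r word || [ -n "$word" ]; do
        [ -z "$word" ] && continue
        if ! grep -qxF -- "$word" "$WORDLIST"; then
            printf '%s\n' "$word" >> "$WORDLIST"
            added=$((added + 1))
        fi
    done < "$src"
    echo "$added"
}

# Rebuild the packed dictionary (step 4) and re-run the step 5 check for
# every word in $1. Returns non-zero if any word is still reported as OK.
rebuild_and_verify() {
    local src="$1" failed=0 word
    create-cracklib-dict "$WORDLIST" || return 1
    while IFS= read -r word || [ -n "$word" ]; do
        [ -z "$word" ] && continue
        if printf '%s\n' "$word" | cracklib-check | grep -q ': OK$'; then
            echo "still accepted: $word" >&2
            failed=1
        fi
    done < "$src"
    return "$failed"
}

# Run as root: ./add-banned-words.sh custom-words.txt  (hypothetical names)
if [ "$#" -ge 1 ]; then
    cp -p "$WORDLIST" "$WORDLIST.bak" || exit 1
    echo "added $(add_words "$1") word(s) to $WORDLIST"
    rebuild_and_verify "$1"
fi
```

Because /usr/share/dict/linux.words belongs to the words package, keep the custom word file so the additions can be reapplied after that package is updated.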

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, CentOS/RHEL 8, Fedora, Linux


© 2023 · The Geek Diary
