What is PAM cracklib
Red Hat Enterprise Linux can be configured to verify that passwords cannot be guessed easily. This check is performed by the Pluggable Authentication Module (PAM) /lib/security/pam_cracklib.so, which ensures that passwords meet a minimum length and do not occur in a dictionary.
The dictionary used by this module is located in /usr/lib/ and is in cracklib format. By default, each of the dictionary files is prefixed with the file name cracklib_dict.
Let’s see how to create a dictionary for pam_cracklib:
1. Create a file with the words that need to be added to the dictionary using cracklib-format and cracklib-packer. For example, create a words.txt file with user names.
# getent passwd | cut -d: -f1 > /root/words.txt
2. Create a directory for the custom dictionary file.
# mkdir /usr/local/my_dictionary
3. Create a dictionary named my_words in /usr/local/my_dictionary directory.
# cd /usr/local/my_dictionary
# cracklib-format /root/words.txt | cracklib-packer my_words
4. Verify the files were created.
# file my_words.*
my_words.hwm: data
my_words.pwd: data
my_words.pwi: Cracklib password index, little endian (39 words)
Point the pam_cracklib module at the new dictionary by setting dictpath=/usr/local/my_dictionary/my_words when configuring PAM. The value is the directory followed by the dictionary name my_words, without a file extension.
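
A check to run after the steps above, added here as an example and not part of the original page: it reads the dictpath= value from a PAM file and confirms that it names a complete packed dictionary (.hwm, .pwd, .pwi) that is not world-writable. The function names are hypothetical and the PAM file path is an assumption.

```shell
#!/bin/sh
# Added example: verify that the dictpath= on the pam_cracklib line resolves
# to a complete packed dictionary (.hwm, .pwd, .pwi) that others cannot modify.

# Print the dictpath= value of the first active pam_cracklib line, if any.
get_dictpath() {
    awk '
        /^[ \t]*#/ { next }              # skip commented-out lines
        /pam_cracklib\.so/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dictpath=/) { sub(/^dictpath=/, "", $i); print $i; exit }
            exit
        }' "$1"
}

# Return 0 if the dictionary is usable, 1 if not, 2 if no dictpath= is set.
check_cracklib_dictpath() {
    prefix=$(get_dictpath "$1")
    if [ -z "$prefix" ]; then
        echo "no dictpath= on a pam_cracklib line in $1"
        return 2
    fi
    if [ -d "$prefix" ]; then
        echo "dictpath=$prefix is a directory, not a dictionary file prefix"
        return 1
    fi
    rc=0
    for ext in hwm pwd pwi; do
        f="$prefix.$ext"
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f"; rc=1
        elif [ -n "$(find "$f" -perm -0002 2>/dev/null)" ]; then
            echo "world-writable: $f"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "ok: $prefix"
    return "$rc"
}

# Run against a PAM file given as the first argument (the path is an assumption,
# e.g. /etc/pam.d/system-auth).
if [ "$#" -gt 0 ]; then check_cracklib_dictpath "$1"; fi
```

A return code of 1 for a directory value catches the common mistake of passing /usr/local/my_dictionary instead of /usr/local/my_dictionary/my_words.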