I am trying to change the password security check.

I would like to set rules for the password when adding a new user.

Here is the content of my /etc/pam.d/common-password file:

```
password    requisite   pam_cracklib.so retry=3 minlen=15 difok=3
password    [success=1 default=ignore]  pam_unix.so obscure use_authtok try_first_pass sha512
password    requisite           pam_deny.so
password    required            pam_permit.so
password    optional    pam_gnome_keyring.so
```

But when adding a new user, the system is still accepting, for example, short passwords! It just says, on the 1st try typing the password, that the pass is too short, but when I re-type it, it accepts it!

How can I prevent it? And how can I set the following rules as well:

  • Minimum length: 15 characters
  • upper- and lower case
  • 1 number must be included
  • 1 symbol must be included
ZelelB
  • anyone could help please? – ZelelB May 02 '15 at 14:38
  • I think you misunderstood a few things about that. Did you try to set your own password on an unprivileged account? It should accept these rules – user3417815 May 03 '15 at 18:51
  • nope.. I was logged on with root or a privileged account, and tried to add a new user, and I was asked to set a password, and it accepted all passes, even with 3 characters – ZelelB May 03 '15 at 19:07
  • I mean, using root you can set any password you want. There is another subset of rules for ALL accounts – user3417815 May 03 '15 at 19:07
  • Try to set own password of unprivileged account, it will follow your rules – user3417815 May 03 '15 at 19:08
  • THANK YOU very much for your help!!! I am new here, and I was trying for 5 days to get that done! :( – ZelelB May 03 '15 at 19:13
  • And how to AUTOMATICALLY: 1) set expiry date of a new user-account is 1 year? 2) force user to change password after 1 month? but that both things are done automatically with creating a new account.. not done extra with command line – ZelelB May 03 '15 at 19:31
  • Please check `man chage` for that. I think this is what you need. Maybe you will also find `/etc/adduser.conf` and `/etc/default/useradd` useful – user3417815 May 03 '15 at 19:57
  • I saw that.. but it is done for every user.. I mean, it is not the default values to set to every new user I create! I want to set the default values, like when I add a new user, he will automatically have an expiry date of his password of 1 month! chage makes it specific for every added user.. I need to specify when etc.. – ZelelB May 03 '15 at 20:11
  • oh, ok. It's `/etc/login.defs` file, check it out – user3417815 May 03 '15 at 20:14
  • http://www.cyberciti.biz/tips/linux-set-default-password-expiry-for-all-new-users.html – user3417815 May 03 '15 at 20:15
  • yes it is! thanks :))) How can I upvote comments here?! – ZelelB May 03 '15 at 20:20
  • I mean if it's good answer for you – user3417815 May 03 '15 at 20:22
  • another thing.. everything is alright with the added user, (with adduser) has a home directory, but could not login in the GUI! It says always that the password is false, as if the user doesn't exist at all! How could I fix that? – ZelelB May 04 '15 at 15:09
  • Please try to add another user with that command and let me know login results `sudo useradd -m -d /home/anotheruser -s /bin/bash anotheruser && sudo passwd anotheruser` of course set password for that user. – user3417815 May 04 '15 at 15:25
  • the command worked, but I still cannot login in the GUI :/ – ZelelB May 06 '15 at 22:52
  • show me content of user directory `sudo ls -la /home/anotheruser` – user3417815 May 07 '15 at 00:00
  • sorry but how do I set that every new created useraccount, expire after 1 year? not the password, but the user account? and for every new created user, automatically.. like the default value of account-expiration – ZelelB May 25 '15 at 18:23
  • Possible duplicate of [How do you set requirements (such as minimum length) on passwords?](http://askubuntu.com/questions/156850/how-do-you-set-requirements-such-as-minimum-length-on-passwords) – muru Jan 20 '17 at 01:37

1 Answer

Please note, you can set any password using the root account; these rules are applied for users that are trying to change their own password.

To set password expiration and other parameters for all new users, you should check the /etc/login.defs file.

Actually your rules look correct. I think you are just trying to set the password using root, but the superuser (root) should have full access to the system, and it's not rational to prevent that user from doing something.

user3417815
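The root behaviour described in the answer and the four character rules from the question can be checked mechanically. The script below is an added example, not part of the original thread: it audits a `pam_cracklib.so` line using the module's `ucredit`, `lcredit`, `dcredit`, `ocredit` and `enforce_for_root` options, which do not appear in the thread; the function names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names and the sample
# lines are constructed; the option names are pam_cracklib's own.

# Print the value of option $2 (key=value) found in PAM line $1.
get_opt() (
    set -f                      # no globbing on tokens such as [success=1
    for word in $1; do
        case "$word" in "$2="*) printf '%s\n' "${word#*=}"; return 0 ;; esac
    done
    return 1
)

# Print one finding per problem; return 0 if the line meets all rules, else 1.
audit_cracklib_line() {
    line=$(printf '%s' "$1" | tr '\t' ' '); want_len=${2:-15}; bad=0

    val=$(get_opt "$line" minlen) || val=""
    case "$val" in
        ''|*[!0-9]*) echo "minlen: missing or not a number"; bad=1 ;;
        *) [ "$val" -ge "$want_len" ] || { echo "minlen: $val is below $want_len"; bad=1; } ;;
    esac

    # A negative credit means "at least N characters of this class". A missing
    # or positive credit requires nothing and counts as bonus length instead.
    for opt in ucredit lcredit dcredit ocredit; do
        val=$(get_opt "$line" "$opt") || val=""
        case "$val" in
            -[1-9]*) ;;
            *) echo "$opt: '${val:-unset}' does not require this class"; bad=1 ;;
        esac
    done

    # Without this flag root only gets a warning and the password is accepted.
    case " $line " in
        *" enforce_for_root "*) ;;
        *) echo "enforce_for_root: not set"; bad=1 ;;
    esac
    return "$bad"
}

# Constructed inputs: the line from the question, and a stricter variant.
QUESTION_LINE='password requisite pam_cracklib.so retry=3 minlen=15 difok=3'
STRICT_LINE='password requisite pam_cracklib.so retry=3 minlen=15 difok=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 enforce_for_root'

echo "Question line:"; audit_cracklib_line "$QUESTION_LINE" || true
echo "Strict line:";   audit_cracklib_line "$STRICT_LINE" && echo "  meets all rules"
```

On a real system the line to audit comes from /etc/pam.d/common-password, the file shown in the question.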