pwquality.conf(5) - configuration for the libpwquality library



  • PWQUALITY.CONF(5)	      File Formats Manual	     PWQUALITY.CONF(5)
    
    
    
    NAME
           pwquality.conf - configuration for the libpwquality library
    
    SYNOPSIS
           /etc/security/pwquality.conf
    
    DESCRIPTION
           pwquality.conf provides a way to configure the default password quality
           requirements for the system passwords. This file is read by  the	 libp‐
           wquality	 library  and utilities that use this library for checking and
           generating passwords.
    
           The file has a very simple name = value format with  possible  comments
           starting with # character. The whitespace at the beginning of line, end
           of line, and around the = sign is ignored.
    
    
    OPTIONS
           The possible options in the file are:
    
    	   difok
    	       Number of characters in the  new	 password  that	 must  not  be
    	       present in the old password. (default 5)
    
    	   minlen
    	       Minimum acceptable size for the new password (plus one if cred‐
    	       its are not disabled which is the  default).  (See  pam_pwqual‐
    	       ity(8).)	 Cannot be set to lower value than 6. (default 9)
    
    	   dcredit
    	       The  maximum  credit  for having digits in the new password. If
    	       less than 0 it is the minimum number of digits in the new pass‐
    	       word. (default 1)
    
    	   ucredit
    	       The  maximum  credit for having uppercase characters in the new
    	       password.  If less than 0 it is the minimum number of uppercase
    	       characters in the new password. (default 1)
    
    	   lcredit
    	       The  maximum  credit for having lowercase characters in the new
    	       password.  If less than 0 it is the minimum number of lowercase
    	       characters in the new password. (default 1)
    
    	   ocredit
    	       The maximum credit for having other characters in the new pass‐
    	       word.  If less than 0 it is the minimum number of other charac‐
    	       ters in the new password. (default 1)
    
    	   minclass
    	       The  minimum  number  of required classes of characters for the
    	       new password (digits, uppercase, lowercase,  others).  (default
    	       0)
    
    	   maxrepeat
    	       The  maximum  number  of allowed same consecutive characters in
    	       the new password.  The check is disabled if  the	 value	is  0.
    	       (default 0)
    
    	   maxsequence
    	       The  maximum length of monotonic character sequences in the new
    	       password.  Examples of such sequence are	 '12345'  or  'fedcb'.
    	       Note  that  most	 such  passwords  will not pass the simplicity
    	       check unless the sequence is only a minor part of the password.
    	       The check is disabled if the value is 0. (default 0)
    
    	   maxclassrepeat
    	       The  maximum  number  of	 allowed consecutive characters of the
    	       same class in the new password.	The check is disabled  if  the
    	       value is 0. (default 0)
    
    	   gecoscheck
    	       If  nonzero,  check  whether the words longer than 3 characters
    	       from the GECOS field of the user's passwd entry	are  contained
    	       in  the new password.  The check is disabled if the value is 0.
    	       (default 0)
    
    	   badwords
    	       Space separated list of words that must not be contained in the
    	       password. These are additional words to the cracklib dictionary
    	       check. This setting can be also used by applications to emulate
    	       the gecos check for user accounts that are not created yet.
    
    	   dictpath
    	       Path to the cracklib dictionaries. Default is to use the crack‐
    	       lib default.
    
    
    SEE ALSO
           pwscore(1), pwmake(1), pam_pwquality(8)
    
    
    AUTHORS
           Tomas Mraz <[email protected]>
    
    
    
    Red Hat, Inc.			  10 Nov 2011		     PWQUALITY.CONF(5)
    

Log in to reply
 

© Lightnetics 2024