Ubuntu Documentation > Ubuntu 9.04 > Ubuntu Server Guide > Security > User Management states that there is a default minimum password length for Ubuntu:
By default, Ubuntu requires a minimum
password length of 4 characters
Say the password is to be modified by the user using passwd
. Is there a command for displaying the current password policies for a user (such as the chage
command displays the password expiration information for a specific user)?
> sudo chage -l SomeUserName
Last password change : May 13, 2010
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
This is rather than examining various places that control the policy and interpreting them since the process could contain errors. A command that reports the composed policy would be used to check the policy setting steps.
Best Answer
The OP confuses two different questions: policy and password length.
As already stated by @BillThor, password length is dealt with by the PAM module, under the not truly auspicious keyword
obscure
, in the file /etc/pam.d/common-password, which contains the following line:The
obscure
keyword stands for (according to man pam_unix):The prescription by
obscure
can be overridden as follows: in /etc/pam.d/common-password, re-write the line above asor whatever you like.
Finding exactly where the minimum length password is defined requires diving into the depths of pam:
... and then to find where the minimum passord length is defined:
Perusing the debian patches you will see that the parameter UNIX_MIN_PASS_LEN (the 27th possible parameter) corresponds to a variable called minlen, which is set in /modules/pam_unix/support.c. However, one of the debian patches fixes
pass_min_len
: the file debian/patches-applied/007_modules_pam_unix contains the lines:and the file debian/Changelog specifies:
I always disliked PAM, and for this reason: to locate a trivial parameter like the minimum password length, it obliges you to look into the source code.
The information displayed by
chage -l username
is instead completely contained in the /etc/shadow file: The Man page states:The fields of each entry are:
Just to double check, an
strace
of thechage
command shows which files are opened,