Ubuntu – How to set requirements (such as minimum length) on passwords


Is there any way to set up minimum passcode requirements, such as a minimum length, requirement of mixed case alphanumerics and at least 1 symbol in the passcode, and enforce that at passcode changes?

Best Answer

Password complexity in Ubuntu is controlled by PAM. Unfortunately, PAM is "typically Unix" like in its approach. Meaning that it spreads its configuration through a large number of very confusing files.

The file that controls password complexity is:


There is a line:

password [success=1 default=ignore] pam_unix.so obscure sha512

Which defines the basic rules for password complexity. You can add a minimum length override by changing it to:

password [success=1 default=ignore] pam_unix.so obscure sha512 minlen=12

or whatever minimum you want. As you can see, the default already defines some basic obscurity rules. These basic rules can be seen in:

man pam_unix

Search for "obscure".

There are a large number of pam modules that can be installed.

apt-cache search libpam-

Should show you them.

You will need to hunt down the documenation for them I'm afraid. But the "cracklib" is a common addition.

UPDATE: I should have pointed out that the default "obscure" parameter includes tests for complexity based on previous passwords and simplicity (length, number of different types of character). The example in the manpage shows cracklib in action. Install libpam_cracklib to get that working.

Also, once you have worked out what to change, the changes are the same in other files so that you can enforce the same (or different) password checks for SSH and other applications.

Related Question