I need to configure an Ubuntu server to follow a strict company password policy that specifies the following:
- at least one upper case
- at least one lower case
- at least one digit
- at least one special character
I've had a look around and all I have found is the instructions for specifying the password length; but, I have yet to find something that relates to specifying the content of the password regarding the above points.
Any help would be appreciated.
Best Answer
Password complexity is enforced by the
pam_cracklibmodule.In order to modify the password policy for your local machine, you will need to modify your
/etc/pam.d/common-passwordfile.From a terminal window (Ctrl+Alt+T), enter the following command:
Add the following line to the file (before
pam_unix.soor whichever PAM module is used primarily for authentication, as can be seen from examples in the manpage) and save the file:This statement implements the following password requirements:
dcredit== digitucredit== upper-case characterlcredit==lower-case characterocredit== other character (special characters, including!,@#$%)This should satisfy your requirements.
You could also use the variables
minlengthandretriesto further restrict the password requirements.Here is another good example of modifying a password policy in this manner would be placing the following line in the
/etc/pam.d/common-passwordfile:This entry will set a maximum of three attempts at getting an acceptable password with a 10-character minimum length.
This sets the requirement for users to have a minimum of three characters different from the last password.
This will also fulfill the requirement of having the password contain at least one each of digit, lower-case character, and upper-case characters.
See also this article on setting up stronger password policy rules in linux.