usr - christos - notes - cs - misc - cyber - securityp - practical

/home/labuser1# sudo apt-get install libpam-pwquality
Reading package lists...  Done
Building dependency tree...  Done
Reading state information...  Done
libpam-pwquality is already the newest version (1.4.5-1+b1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.


sudo nano /etc/security/pwquality.conf


	# Configuration for systemwide password quality limits
	# Defaults:
	#
	# Number of characters in the new password that must not be present in the
	# old password.
	# difok = 1
	#
	# Minimum acceptable size for the new password (plus one if
	# credits are not disabled which is the default).  (See pam_cracklib
	manual.)
	# Cannot be set to lower value than 6.
	minlen = 8
	#
	# The maximum credit for having digits in the new password.  If less than
	0
	# it is the minimum number of digits in the new password.
	# dcredit = 0
	#
	# The maximum credit for having uppercase characters in the new password.
	# If less than 0 it is the minimum number of uppercase characters in the
	new
	# password.
	# ucredit = 0
	#
	# The maximum credit for having lowercase characters in the new password.
	# If less than 0 it is the minimum number of lowercase characters in the
	new
	# password.
	# lcredit = 0
	#
	# The maximum credit for having other characters in the new password.
	# If less than 0 it is the minimum number of other characters in the new
	# password.
	# ocredit = 0
	#
	# The minimum number of required classes of characters for the new
	# password (digits, uppercase, lowercase, others).
	minclass = 3
	#
	# The maximum number of allowed consecutive same characters in the new
	password.
	# The check is disabled if the value is 0.
	# maxrepeat = 0
	#
	# The maximum number of allowed consecutive characters of the same class
	in the
	# new password.
	# The check is disabled if the value is 0.
	# maxclassrepeat = 0
	#
	# Whether to check for the words from the passwd entry GECOS string of the
	user.
	# The check is enabled if the value is not 0.
	# gecoscheck = 0
	#
	# Whether to check for the words from the cracklib dictionary.
	# The check is enabled if the value is not 0.
	# dictcheck = 1
	#
	# Whether to check if it contains the user name in some form.
	# The check is enabled if the value is not 0.
	# usercheck = 1
	#
	# Length of substrings from the username to check for in the password
	# The check is enabled if the value is greater than 0 and usercheck is
	enabled.
	# usersubstr = 0
	#
	# Whether the check is enforced by the PAM module and possibly other
	# applications.
	# The new password is rejected if it fails the check and the value is not
	0.
	# enforcing = 1
	#
	# Path to the cracklib dictionaries.  Default is to use the cracklib
	default.
	dictpath =/usr/share/dict/common
	#
	# Prompt user at most N times before returning with error.  The default is
	1.
	# retry = 3
	#
	# Enforces pwquality checks on the root user password.
	# Enabled if the option is present.
	# enforce_for_root
	#
	# Skip testing the password quality for users that are not present in the
	# /etc/passwd file.
	# Enabled if the option is present.
	# local_users_only