blob: 0418ff3dacf0ed3551a4cbc0d10a4eb09488ce7e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
.de FN
\fI\|\\$1\|\fP
..
.TH PWQUALITY.CONF 5 "10 Nov 2011" "Red Hat, Inc."
.SH NAME
pwquality.conf \- configuration for the libpwquality library
.SH SYNOPSIS
\fB/etc/security/pwquality.conf\fR
.SH DESCRIPTION
\fBpwquality.conf\fR provides a way to configure the default password
quality requirements for the system passwords. This file is read by the
libpwquality library and utilities that use this library for checking
and generating passwords.
The file has a very simple \fIname = value\fR format with possible comments
starting with \fB#\fR character.
.PD
.SH OPTIONS
The possible options in the file are:
.RS 4
.PP
\fBdifok\fR
.RS 4
Number of characters in the new password that must not be present in the
old password. (default 5)
.RE
.PP
\fBdifignore\fR
.RS 4
How many characters should the password have before difok will be
ignored. (default 23)
.RE
.PP
\fBminlen\fR
.RS 4
Minimum acceptable size for the new password (plus one if credits are not
disabled which is the default). (See \fIpam_pwquality(8)\fR.)
Cannot be set to lower value than 6. (default 9)
.RE
.PP
\fBdcredit\fR
.RS 4
The maximum credit for having digits in the new password. If less than 0
it is the minimum number of digits in the new password. (default 1)
.RE
.PP
\fBucredit\fR
.RS 4
The maximum credit for having uppercase characters in the new password.
If less than 0 it is the minimum number of uppercase characters in the new
password. (default 1)
.RE
.PP
\fBlcredit\fR
.RS 4
The maximum credit for having lowercase characters in the new password.
If less than 0 it is the minimum number of lowercase characters in the new
password. (default 1)
.RE
.PP
\fBocredit\fR
.RS 4
The maximum credit for having other characters in the new password.
If less than 0 it is the minimum number of other characters in the new
password. (default 1)
.RE
.PP
\fBminclass\fR
.RS 4
The minimum number of required classes of characters for the new
password (digits, uppercase, lowercase, others). (default 0)
.RE
.PP
\fBmaxrepeat\fR
.RS 4
The maximum number of allowed same consecutive characters in the new password.
The check is disabled if the value is 0. (default 0)
.RE
.PP
\fBdictpath\fR
.RS 4
Path to the cracklib dictionaries. Default is to use the cracklib default.
.RE
.PD
.SH "SEE ALSO"
pwscore(1), pwmake(1), pam_pwquality(8)
.SH AUTHORS
.nf
Tomas Mraz <tmraz@redhat.com>
.fi
|
