PWQUALITY.CONF(images) - phpMan

PWQUALITY.CONF(5)             File Formats Manual            PWQUALITY.CONF(5)

NAME
       pwquality.conf - configuration for the libpwquality library
SYNOPSIS
       /etc/security/pwquality.conf
DESCRIPTION
       pwquality.conf provides a way to configure the default password quality
       requirements for the system passwords. This file is read by  the  libp-
       wquality  library  and utilities that use this library for checking and
       generating passwords.
       The file has a very simple name = value format with  possible  comments
       starting with # character. The whitespace at the beginning of line, end
       of line, and around the = sign is ignored.

OPTIONS
       The possible options in the file are:
           difok
               Number of characters in the  new  password  that  must  not  be
               present in the old password. (default 5)
           minlen
               Minimum acceptable size for the new password (plus one if cred-
               its are not disabled which is the  default).  (See  pam_pwqual-
               ity(8).)  Cannot be set to lower value than 6. (default 9)
           dcredit
               The  maximum  credit  for having digits in the new password. If
               less than 0 it is the minimum number of digits in the new pass-
               word. (default 1)
           ucredit
               The  maximum  credit for having uppercase characters in the new
               password.  If less than 0 it is the minimum number of uppercase
               characters in the new password. (default 1)
           lcredit
               The  maximum  credit for having lowercase characters in the new
               password.  If less than 0 it is the minimum number of lowercase
               characters in the new password. (default 1)
           ocredit
               The maximum credit for having other characters in the new pass-
               word.  If less than 0 it is the minimum number of other charac-
               ters in the new password. (default 1)
           minclass
               The  minimum  number  of required classes of characters for the
               new password (digits, uppercase, lowercase,  others).  (default
               0)
           maxrepeat
               The  maximum  number  of allowed same consecutive characters in
               the new password.  The check is disabled if  the  value  is  0.
               (default 0)
           maxsequence
               The  maximum length of monotonic character sequences in the new
               password.  Examples of such sequence are  '12345'  or  'fedcb'.
               Note  that  most  such  passwords  will not pass the simplicity
               check unless the sequence is only a minor part of the password.
               The check is disabled if the value is 0. (default 0)
           maxclassrepeat
               The  maximum  number  of  allowed consecutive characters of the
               same class in the new password.  The check is disabled  if  the
               value is 0. (default 0)
           gecoscheck
               If  nonzero,  check  whether the words longer than 3 characters
               from the GECOS field of the user's passwd entry  are  contained
               in  the new password.  The check is disabled if the value is 0.
               (default 0)
           badwords
               Space separated list of words that must not be contained in the
               password. These are additional words to the cracklib dictionary
               check. This setting can be also used by applications to emulate
               the gecos check for user accounts that are not created yet.
           dictpath
               Path to the cracklib dictionaries. Default is to use the crack-
               lib default.

SEE ALSO
       pwscore(1), pwmake(1), pam_pwquality(8)

AUTHORS
       Tomas Mraz <tmraz AT redhat.com>

Red Hat, Inc.                     10 Nov 2011                PWQUALITY.CONF(5)