# passwd service entry that does strength checking of
# a proposed password before updating it.
passwd password requisite \
passwd password required \
# useradd defaults file
# Password aging controls:
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
Passwords must be constructed to meet the following requirements (via the passwd command)
· Each password must have PASSLENGTH characters, where PASSLENGTH is defined in /etc/default/passwd and is set to 6. Only the first eight characters are significant.
· Each password must contain at least two alphabetic characters and at least one numeric or special character. In this case, alphabetic” refers to all upper or lower case letters.
· Each password must differ from the user’s login name and any reverse or circular shift of that login name. For comparison purposes, an upper case letter and its corresponding lower case letter are equivalent.
· New passwords must differ from the old by at least three characters. For comparison purposes, an upper case letter and its corresponding lower case letter are equivalent.
#ident “@(#)passwd.dfl 1.3 92/07/14 SMI”
Using the passwd command the following parameters can be:
Min: minimum number of days required between password changes
Max: maximum number of days the password is valid
Warn: number of days relative to max before he password expires and the user wil be warned.
minalpha Specifies the minimum number of alphabetic characters.
minother Specifies the minimum number of other characters.
minlen Specifies the minimum number of characters.
Note: This value is determined by either the minalpha value plus the
minother value or the minlen value, whichever is greater.
Mindiff Specifies the minimum number of characters in the new password that are
not in the old password.
Note: This restriction does not consider position. If the new password is
abcd and the old password is edcb, the number of different characters is 1.
maxrepeats Specifies the maximum number of times a single character can be used
in a password.
minage Specifies the minimum age at which a password can be changed. Passwords
must be kept for a minimum period. This value is measured in weeks.
maxage Specifies the maximum age of a password. A password must be changed after
a specified amount of time measured in weeks.
maxexpired Specifies the maximum number of weeks beyond the maxage value that a
password can be changed by the user.
histexpire Specifies the number of weeks that a user cannot reuse a password. (between 0 and 260 weeks).
Histsize Specifies the number of previous passwords that the user cannot reuse. (between 0 and 50).
dictionlist Specifies the list of dictionary files checked when a password is
changed. (Example dictionary: /usr/share/dict/words)
On an untrusted system, only the first eight characters of a password are significant.
Passwords must be constructed to meet the following requirements:
On an untrusted system, passwords of non-root users must have at least six characters. On a trusted system, passwords of all users must have at least six characters. This restriction on the password length can be increased to a value larger than six. Refer to the security(4) manual page for detailed information on configurable parameters that affect the behavior of this command. The parameter to select the minimum password length is MIN_PASSWORD_LENGTH
Characters must be from the 7-bit US-ASCII character set; letters from the English alphabet.
A password must contain at least two letters and at least one numeric or special character.
A password must differ from the user’s login name and any reverse or circular shift of that login name. For comparison purposes, an uppercase letter and its corresponding lowercase equivalent are treated as identical.
A new password must differ from the old one by at least three characters.
MIN_PASSWORD_LENGTH=N New passwords must contain at least N characters.
PASSWORD_HISTORY_DEPTH=N A new password is checked against only the N most recently used passwords for a particular user.