Issue
Bear with me for a moment. I'm doing a college exercise setting up a VM and I'm having a very hard time understanding what PAM is and how it actually works. All the results that come up on Google are either too basic or too complex, and I really don't know what to look up. My exercise requires me to set up a bunch of rules for both normal users and root:
To set up a strong password policy, you have to comply with the following requirements:
- Your password must be at least 10 characters long.
- It must contain an uppercase letter and a number.
- It must not contain more than 3 consecutive identical characters.
- The password must not include the name of the user.
- The following rule does not apply to the root password: The password must have at least 7 characters that are not part of the former password.
- Of course, your root password has to comply with this policy.
I haven't been able to find any good sites that explain how PAM works in a good way; however, I found that for the normal user I need to edit /etc/pam.d/common-password with:
password requisite pam_pwquality.so retry=3 minlen=10 ucredit=-1 dcredit=-1 maxrepeat=3 reject_username difok=7 enforce_for_root
Although I don't understand how PAM works, I do understand its flags. My question is: how do I set up different rules for root?
Solution
Note that root is not asked for an old password, so the checks that compare the old and new password are not performed. So, basically, the phrase
The following rule does not apply to the root password
means you can't make difok=7 work for root, and not that you must create a separate rule for root.
Answered By - artacone Answer Checked By - Cary Denson (WPSolving Admin)
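To make the answer concrete, here is an added reference checker (not part of the original question or answer, and not libpwquality's code) that mirrors the options on the pam_pwquality line from the question: minlen=10, ucredit=-1, dcredit=-1, maxrepeat=3, reject_username and difok=7. It is a simplified model, so a few things are assumptions: minlen is treated as a plain length check (the credit arithmetic of pam_pwquality is not reproduced), reject_username is checked forwards and reversed, case-insensitively, and difok counts the positions in the new password whose character does not occur in the old one. The `is_root` flag models the point the answer makes: PAM never prompts root for the old password, so there is nothing to compare against and difok is simply not evaluated, while the remaining checks still apply (which is what enforce_for_root provides). The sample passwords and usernames are constructed.

```python
"""Constructed reference checker for the password policy in the question.

Assumptions (this is a simplified model, not pam_pwquality itself):
- minlen is a plain length check; pam_pwquality's credit arithmetic is omitted.
- reject_username matches the username forwards and reversed, case-insensitively.
- difok counts positions in the new password whose character is absent from the old one.
"""
from typing import List, Optional

# Same values as the pam_pwquality line in the question.
POLICY = {"minlen": 10, "ucredit": -1, "dcredit": -1, "maxrepeat": 3, "difok": 7}


def _longest_run(s: str) -> int:
    """Length of the longest run of consecutive identical characters in s."""
    longest = run = 0
    prev = None
    for ch in s:
        run = run + 1 if ch == prev else 1
        prev = ch
        longest = max(longest, run)
    return longest


def check_password(new: str, username: str,
                   old: Optional[str] = None,
                   is_root: bool = False) -> List[str]:
    """Return the names of the policy options the new password violates.

    An empty list means the password is acceptable under this model.
    """
    violations: List[str] = []

    if len(new) < POLICY["minlen"]:
        violations.append("minlen")
    # Negative credit values are minimum counts of that character class.
    if sum(c.isupper() for c in new) < -POLICY["ucredit"]:
        violations.append("ucredit")
    if sum(c.isdigit() for c in new) < -POLICY["dcredit"]:
        violations.append("dcredit")
    # maxrepeat=3 allows "aaa" but rejects "aaaa".
    if _longest_run(new) > POLICY["maxrepeat"]:
        violations.append("maxrepeat")

    lowered, uname = new.lower(), username.lower()
    if uname and (uname in lowered or uname[::-1] in lowered):
        violations.append("reject_username")

    # PAM does not ask root for the old password, so the old/new comparison
    # (difok) has nothing to compare against and is skipped for root.
    if not is_root and old is not None:
        differing = sum(1 for c in new if c not in old)
        if differing < POLICY["difok"]:
            violations.append("difok")

    return violations


if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_password("Sunflower2024", "alice", old="Winter2023!"))   # []
    print(check_password("Winter2024!", "alice", old="Winter2023!"))     # ['difok']
    print(check_password("Winter2024!", "root", is_root=True))           # []
```

Running the last two lines side by side shows the answer's point: the same "one character changed" password is rejected for alice by difok, while for root the check never runs because no old password is collected, so no separate root rule is needed (or possible) for it.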