Blame | Last modification | View Log | RSS feed
# Configuration for systemwide password quality limits# Defaults:## Number of characters in the new password that must not be present in the# old password.# difok = 1## Minimum acceptable size for the new password (plus one if# credits are not disabled which is the default). (See pam_cracklib manual.)# Cannot be set to lower value than 6.# minlen = 8## The maximum credit for having digits in the new password. If less than 0# it is the minimum number of digits in the new password.# dcredit = 0## The maximum credit for having uppercase characters in the new password.# If less than 0 it is the minimum number of uppercase characters in the new# password.# ucredit = 0## The maximum credit for having lowercase characters in the new password.# If less than 0 it is the minimum number of lowercase characters in the new# password.# lcredit = 0## The maximum credit for having other characters in the new password.# If less than 0 it is the minimum number of other characters in the new# password.# ocredit = 0## The minimum number of required classes of characters for the new# password (digits, uppercase, lowercase, others).# minclass = 0## The maximum number of allowed consecutive same characters in the new password.# The check is disabled if the value is 0.# maxrepeat = 0## The maximum number of allowed consecutive characters of the same class in the# new password.# The check is disabled if the value is 0.# maxclassrepeat = 0## Whether to check for the words from the passwd entry GECOS string of the user.# The check is enabled if the value is not 0.# gecoscheck = 0## Whether to check for the words from the cracklib dictionary.# The check is enabled if the value is not 0.# dictcheck = 1## Whether to check if it contains the user name in some form.# The check is enabled if the value is not 0.# usercheck = 1## Length of substrings from the username to check for in the password# The check is enabled if the value is greater than 0 and usercheck is enabled.# usersubstr = 0## Whether the check is enforced by the PAM module and possibly other# applications.# The new password is rejected if it fails the check and the value is not 0.# enforcing = 1## Path to the cracklib dictionaries. Default is to use the cracklib default.# dictpath =## Prompt user at most N times before returning with error. The default is 1.# retry = 3## Enforces pwquality checks on the root user password.# Enabled if the option is present.# enforce_for_root## Skip testing the password quality for users that are not present in the# /etc/passwd file.# Enabled if the option is present.# local_users_only