I have read https://www.freebsd.org/doc/handbook/security-intro.html, but I found pam_passwdqc does not work as I expected.
I want to enforce 4 kinds of character classes in password: digits, lower-case letters, upper-case letters, and others. So, I modify /etc/pam.d/passwd to be:
But I found some issues:
1) The password cannot be used to login through ssh. sshd server always complains: "error: PAM: authentication error for test from 10.156.76.125"
2) I saw
3) If I specified a weak password, for example, 123456, I only saw a warning, but the system still accepts the weak password.
Anyone know why?
I want to enforce 4 kinds of character classes in password: digits, lower-case letters, upper-case letters, and others. So, I modify /etc/pam.d/passwd to be:
Code:
password requisite pam_passwdqc.so min=disabled,disabled,disabled,disabled,8 similar=deny retry=3 enforce=everyone
But I found some issues:
1) The password cannot be used to login through ssh. sshd server always complains: "error: PAM: authentication error for test from 10.156.76.125"
2) I saw
passwd
command gives me a sample password, but it does not include digits. If I typed it, it was accepted. That is not what I expected.3) If I specified a weak password, for example, 123456, I only saw a warning, but the system still accepts the weak password.
Anyone know why?