# Configuration for systemwide password quality limits # Defaults: # # Number of characters in the new password that must not be present in the # old password. # difok = 1 # # Minimum acceptable size for the new password (plus one if # credits are not disabled which is the default). (See pam_cracklib manual.) # Cannot be set to lower value than 6. # minlen = 8 # # The maximum credit for having digits in the new password. If less than 0 # it is the minimum number of digits in the new password. # dcredit = 0 # # The maximum credit for having uppercase characters in the new password. # If less than 0 it is the minimum number of uppercase characters in the new # password. # ucredit = 0 # # The maximum credit for having lowercase characters in the new password. # If less than 0 it is the minimum number of lowercase characters in the new # password. # lcredit = 0 # # The maximum credit for having other characters in the new password. # If less than 0 it is the minimum number of other characters in the new # password. # ocredit = 0 # # The minimum number of required classes of characters for the new # password (digits, uppercase, lowercase, others). # minclass = 0 # # The maximum number of allowed consecutive same characters in the new password. # The check is disabled if the value is 0. # maxrepeat = 0 # # The maximum number of allowed consecutive characters of the same class in the # new password. # The check is disabled if the value is 0. # maxclassrepeat = 0 # # Whether to check for the words from the passwd entry GECOS string of the user. # The check is enabled if the value is not 0. # gecoscheck = 0 # # Whether to check for the words from the cracklib dictionary. # The check is enabled if the value is not 0. # dictcheck = 1 # # Whether to check if it contains the user name in some form. # The check is enabled if the value is not 0. # usercheck = 1 # # Length of substrings from the username to check for in the password # The check is enabled if the value is greater than 0 and usercheck is enabled. # usersubstr = 0 # # Whether the check is enforced by the PAM module and possibly other # applications. # The new password is rejected if it fails the check and the value is not 0. # enforcing = 1 # # Path to the cracklib dictionaries. Default is to use the cracklib default. # dictpath = # # Prompt user at most N times before returning with error. The default is 1. # retry = 3 # # Enforces pwquality checks on the root user password. # Enabled if the option is present. # enforce_for_root # # Skip testing the password quality for users that are not present in the # /etc/passwd file. # Enabled if the option is present. # local_users_only