Cracklib and PAM

Bruce Dubbs bdubbs at
Thu Mar 23 17:32:55 PST 2006

Dan Nicholson wrote:
> On 3/23/06, Randy McMurchy <randy at> wrote:
>> Dan Nicholson wrote these words on 03/23/06 14:26 CST:
>>> Because I don't always want my password to be checked that thoroughly.
>> Thanks, Dan. And not to belabor the point, but instead to provide
>> information that you may not be aware of considering the remark
>> above, even with CrackLib installed, you still don't *have* to
>> have a strong password. With CrackLib you could still have "Dan"
>> as your password (just an example, not saying that's what you
>> would use) if you wanted.
> Part of the problem that I haven't mentioned so far is that I don't
> know how to configure cracklib well.  So, what ends up happening is
> that I have a hard time setting passwords that cracklib deems worthy. 
> But that's more of a usage problem.  I still like using PAM to control
> how different programs authenticate users.  I don't always like having
> a strict password checker, though.

LOL.  You fix it by adjusting the /etc/pam.d/passwd file.

RH uses:

password    required      /lib/security/$ISA/ retry=3
password    sufficient    /lib/security/$ISA/ nullok
use_authtok md5
password    required      /lib/security/$ISA/


to see how configure differently.

  -- Bruce

P.S.  $ISA is generally null.

More information about the blfs-book mailing list