Recently I got the task of implementing the following password policies on SLES (SUSE Linux Enterprise Server) 11.x:
- Minimum password length should be 10 characters
- Password should have one UPPERCASE Character
- Password should have one LOWERCASE Character
- Password should have one Numeric Character
- Minimum Passwords to Remember or Password History is 4
- Accounts should be locked out after 5 attempts.
These password policies can be implemented using the PAM file “/etc/pam.d/common-password”.
First, take a backup of the common-password file.
    # cd /etc/pam.d/
    # cp common-password common-password.bak
Edit the file “/etc/pam.d/common-password”, comment out the default modules and add the following lines.
    password required pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 minlen=10 retry=5
    password required pam_pwhistory.so use_authtok remember=4 retry=5
    password required pam_unix2.so nullok use_authtok md5
Save & exit the file.
From now on, simple passwords can no longer be used; the system accepts only passwords that satisfy the above parameters.
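To confirm that the edited file really carries these settings, the sketch below (an added example, not part of the original post) parses the active `password` lines and reports any length, character-class, history or `use_authtok` setting that does not match the policy; it does not check account lockout. The function names and the sample text, including its commented-out line, are constructed for illustration.

```python
import re

# Constructed sample: the article's three lines plus one commented-out line.
SAMPLE = """\
# password required pam_cracklib.so minlen=6
password required pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 minlen=10 retry=5
password required pam_pwhistory.so use_authtok remember=4 retry=5
password required pam_unix2.so nullok use_authtok md5
"""

def parse_password_stack(text):
    """Return [(module, {option: value})] for active 'password' lines, in order."""
    stack = []
    for line in text.splitlines():
        # Drop comments; collapse a bracketed control field into one token.
        fields = re.sub(r"\[[^\]]*\]", "[ctl]", line.split("#", 1)[0]).split()
        if len(fields) >= 3 and fields[0] == "password":
            opts = dict(tok.partition("=")[::2] for tok in fields[3:])
            stack.append((fields[2].rsplit("/", 1)[-1], opts))
    return stack

def _num(opts, key):
    """Integer value of an option, or None when missing or not a number."""
    try:
        return int(opts[key])
    except (KeyError, ValueError):
        return None

def audit(text, minlen=10, remember=4):
    """Return findings; an empty list means the stack matches the policy."""
    stack = parse_password_stack(text)
    names, mods = [m for m, _ in stack], dict(stack)
    findings = []
    crack = mods.get("pam_cracklib.so", {})
    if (_num(crack, "minlen") or 0) < minlen:
        findings.append("minlen below %d" % minlen)
    for opt in ("dcredit", "ucredit", "lcredit"):
        # A negative value requires that many characters; 0 or more does not.
        if (_num(crack, opt) or 0) >= 0:
            findings.append("%s is not negative" % opt)
    if (_num(mods.get("pam_pwhistory.so", {}), "remember") or 0) < remember:
        findings.append("remember below %d" % remember)
    # Later modules must reuse the password that pam_cracklib already checked.
    for mod in names[1:]:
        if "use_authtok" not in mods[mod]:
            findings.append("%s lacks use_authtok" % mod)
    if names[:1] != ["pam_cracklib.so"]:
        findings.append("pam_cracklib.so is not first in the stack")
    return findings
```

On a live system, pass the contents of “/etc/pam.d/common-password” to `audit()`; an empty list means every checked setting is present.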