1PWQUALITY.CONF(5)             File Formats Manual            PWQUALITY.CONF(5)
2
3
4

NAME

6       pwquality.conf - configuration for the libpwquality library
7

SYNOPSIS

9       /etc/security/pwquality.conf
10

DESCRIPTION

12       pwquality.conf provides a way to configure the default password quality
13       requirements for the system passwords. This file is read by  the  libp‐
14       wquality  library  and utilities that use this library for checking and
15       generating passwords.
16
17       The file has a very simple name = value format with  possible  comments
18       starting with # character. The whitespace at the beginning of line, end
19       of line, and around the = sign is ignored.
20
21

OPTIONS

23       The possible options in the file are:
24
25           difok
26               Number of characters in the  new  password  that  must  not  be
27               present in the old password. (default 5)
28
29           minlen
30               Minimum acceptable size for the new password (plus one if cred‐
31               its are not disabled which is the  default).  (See  pam_pwqual‐
32               ity(8).)  Cannot be set to lower value than 6. (default 9)
33
34           dcredit
35               The  maximum  credit  for having digits in the new password. If
36               less than 0 it is the minimum number of digits in the new pass‐
37               word. (default 1)
38
39           ucredit
40               The  maximum  credit for having uppercase characters in the new
41               password.  If less than 0 it is the minimum number of uppercase
42               characters in the new password. (default 1)
43
44           lcredit
45               The  maximum  credit for having lowercase characters in the new
46               password.  If less than 0 it is the minimum number of lowercase
47               characters in the new password. (default 1)
48
49           ocredit
50               The maximum credit for having other characters in the new pass‐
51               word.  If less than 0 it is the minimum number of other charac‐
52               ters in the new password. (default 1)
53
54           minclass
55               The  minimum  number  of required classes of characters for the
56               new password (digits, uppercase, lowercase,  others).  (default
57               0)
58
59           maxrepeat
60               The  maximum  number  of allowed same consecutive characters in
61               the new password.  The check is disabled if  the  value  is  0.
62               (default 0)
63
64           maxsequence
65               The  maximum length of monotonic character sequences in the new
66               password.  Examples of such sequence are  '12345'  or  'fedcb'.
67               Note  that  most  such  passwords  will not pass the simplicity
68               check unless the sequence is only a minor part of the password.
69               The check is disabled if the value is 0. (default 0)
70
71           maxclassrepeat
72               The  maximum  number  of  allowed consecutive characters of the
73               same class in the new password.  The check is disabled  if  the
74               value is 0. (default 0)
75
76           gecoscheck
77               If  nonzero,  check  whether the words longer than 3 characters
78               from the GECOS field of the user's passwd entry  are  contained
79               in  the new password.  The check is disabled if the value is 0.
80               (default 0)
81
82           badwords
83               Space separated list of words that must not be contained in the
84               password. These are additional words to the cracklib dictionary
85               check. This setting can be also used by applications to emulate
86               the gecos check for user accounts that are not created yet.
87
88           dictpath
89               Path to the cracklib dictionaries. Default is to use the crack‐
90               lib default.
91
92

SEE ALSO

94       pwscore(1), pwmake(1), pam_pwquality(8)
95
96

AUTHORS

98       Tomas Mraz <tmraz@redhat.com>
99
100
101
102Red Hat, Inc.                     10 Nov 2011                PWQUALITY.CONF(5)
Impressum