[Freeipa-users] Is it possible to Disable "BAD Password" from IPA Configs
Alexander Bokovoy
abokovoy at redhat.com
Wed Mar 25 05:44:56 UTC 2015
On Wed, 25 Mar 2015, Yogesh Sharma wrote:
>Hi,
>
>Is there any way that we can configure IPA server not to do Strict Checking
>for Password.
>For EG:
>
>
>*BAD PASSWORD: The password is too similar to the old one*
>*New password: *
>*BAD PASSWORD: The password fails the dictionary check - it is based on a
>dictionary word*
>
>We tried removing "use_authtok" from below but no luck.
>
>password sufficient pam_unix.so sha512 shadow nullok try_first_pass
>use_authtok
You are changing *wrong* configuration.
>
>system-auth "password" config:
>
>[root at cipa vagrant]# cat /etc/pam.d/system-auth | grep password | grep -v
>grep
>*password requisite pam_pwquality.so try_first_pass retry=3 type=*
pam_pwquality is responsible for the password strength checks in PAM
stack. Read its documentation for details.
P.S. This question has nothing to do with FreeIPA.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list