Linux Password Quality Control in PAM module

Password quality control, to the limited extent that it really matters, is now best done with and

Be careful. Use of means that you now must also protect /etc/security/opasswd as that contains information on users' old passwords which will give you very useful hints as to what their later passwords will look like. can be configured with parameters within the PAM files, but a better approach would be to customize it within /etc/security/pwquality.conf so that every program handling password changes uses the same rules.
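The two checks this paragraph implies, as an added example that is not part of the original post: confirm that a password-history file grants nothing to group or other, and list PAM service files that still pass inline settings instead of relying on /etc/security/pwquality.conf. It assumes GNU `stat` and that the quality module is pam_pwquality, the module that reads that file; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat and that the
# quality module is pam_pwquality, the module that reads pwquality.conf.

# Succeed only if FILE grants nothing to group or other (e.g. 600 or 400).
mode_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print "file: key=value" for every inline setting passed to pam_pwquality.so
# in the PAM service files under DIR. The "seen" flag skips "=" inside control
# fields such as [success=1 default=ignore], which precede the module name.
inline_pwquality_args() {
    awk '
        /^[[:space:]]*#/ { next }
        /pam_pwquality\.so/ {
            seen = 0
            for (i = 1; i <= NF; i++) {
                if (seen && $i ~ /=/) print FILENAME ": " $i
                if ($i ~ /pam_pwquality\.so$/) seen = 1
            }
        }
    ' "$1"/*
}

# Build a constructed PAM directory and history file, then run both checks.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/pam.d"
    printf 'password requisite pam_pwquality.so retry=3 minlen=8\n' > "$d/pam.d/passwd"
    printf 'password [success=1 default=ignore] pam_pwquality.so\n' > "$d/pam.d/sshd"
    : > "$d/opasswd.sample"
    chmod 644 "$d/opasswd.sample"
    mode_is_private "$d/opasswd.sample" || echo "history file is readable by others"
    inline_pwquality_args "$d/pam.d"
    rm -rf "$d"
}
demo
```

On a real host, point `mode_is_private` at /etc/security/opasswd and `inline_pwquality_args` at /etc/pam.d; any line the second function prints is a setting that applies to one service only.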

In the past, was the only thing you could count on being there in any distribution. Then came along. They are still available, although is now the best tool. However, people used to setting up password policies on Windows will be unhappy with all of them as none allow you to rigidly enforce a password policy exactly the same way you can in Windows. Just set something and move forward as password security is largely an illusion.


Tien Phan
