Linux How To Set Password Rules and Policies

Liv4IT

7 Mar 201707:47

Summary

TLDRThis Linux tutorial demonstrates how to set password rules for user accounts on a Linux system. The video starts by creating a user with a simple '123' password, then moves on to installing the 'libpam-pwquality' library to enforce stronger passwords. It guides viewers through editing the '/etc/pam.d/common-password' file to set minimum password length, require uppercase letters, lowercase letters, digits, and special characters. The tutorial shows how to apply these rules by attempting to change a user's password, illustrating the enforcement of the newly set criteria.

Takeaways

😀 The tutorial demonstrates how to set password rules in Linux to enhance security.
🛠️ The 'adduser' command is used to create a new user in Linux, but it allows weak passwords by default.
🔒 To enforce stronger passwords, a password quality check library must be installed, such as 'libpam-pwquality'.
📚 The '/etc/pam.d/common-password' file is where password rules can be configured in Debian-based systems.
✏️ Editing the 'common-password' file with root privileges allows setting various password requirements.
🔡 The minimum password length can be set by adding 'minlen' followed by the desired number of characters.
🔑 The 'ucredit', 'lcredit', 'dcredit', and 'ocredit' options can be used to enforce the inclusion of uppercase letters, lowercase letters, digits, and special characters, respectively.
🚫 The script shows that passwords not meeting the new rules will be rejected, prompting users to create stronger passwords.
🔄 After making changes to the 'common-password' file, the system will reflect these rules for new passwords.
🔄 The tutorial suggests that users can experiment with different options to create a customized set of password rules.
🙏 The presenter expresses gratitude for viewing the tutorial and hopes it was informative.

Q & A

What is the purpose of the tutorial?
-The purpose of the tutorial is to demonstrate how to set password rules in Linux to enhance security by adding complexity to user passwords.
What command is used to create a new user in Linux?
-The command used to create a new user in Linux is 'adduser', which should be executed with root privileges.
Why is the initial password '1 2 3' considered weak?
-The initial password '1 2 3' is considered weak because it lacks complexity, being a simple sequence of numbers without any uppercase, lowercase, or special characters.
What is the 'libpam-pwquality' package and why is it needed?
-The 'libpam-pwquality' package is a password quality check library used in Linux to enforce password rules. It is needed to set up and enforce password policies.
How can you install the 'libpam-pwquality' package on a Debian-based system?
-You can install the 'libpam-pwquality' package on a Debian-based system using the command 'apt-get install libpam-pwquality' with updates.
What file needs to be edited to set password rules in Linux?
-The file that needs to be edited to set password rules in Linux is '/etc/pam.d/common-password'.
What does the 'minlen' option do in the password rules configuration?
-The 'minlen' option in the password rules configuration sets the minimum length requirement for passwords.
How can you enforce a password to have at least one uppercase character?
-To enforce a password to have at least one uppercase character, you can add the option 'ucredit=-1' to the configuration line in the 'common-password' file.
What does the 'lcredit' option represent in the password rules?
-The 'lcredit' option in the password rules represents the requirement for lowercase characters in a password.
How can you require a password to have at least one digit?
-To require a password to have at least one digit, you can replace 'lcredit' with 'dcredit' and set it to '-1' in the configuration line.
What is the effect of adding 'ocredit=-1' to the password rules?
-Adding 'ocredit=-1' to the password rules enforces the requirement for at least one special character in the password.