On Thu, Aug 08, 2002 at 09:11:05AM -0700, Bob Hemedinger wrote: > How can I configure PAM to > force root to honor using strong passwords when > setting a user's password, or even its own password? With pam_passwdqc, that is done with the enforce= option: enforce=none|users|everyone [enforce=everyone] The module can be configured to warn of weak passwords only, but not actually enforce strong passwords. The "users" setting will enforce strong passwords for non-root users only. "enforce=everyone" enforces strong passwords on root users as well and is in fact the default. (Of course, root can still bypass any restrictions by writing password hashes directly or by temporarily adjusting configuration files.) http://www.openwall.com/passwdqc/ P.S. For those who have been on this list for a while or otherwise heard of pam_passwdqc before, -- recent additions include HP-UX 11 support and the import of a pam_passwdqc(8) manual page back from FreeBSD (they wrote it based on my README), with minor corrections. -- /sd
