Please bear with me while I play idiot for a short while. Perhaps someone on this list can enlighten me and let me know if my understanding has gone astray. If on a Redhat 7.2 system, when using the /etc/pam.d/system-auth file and placing the following entries in: password required pam_cracklib.so retry=3 minlen=8 dcredit=1 ucredit=1 lcredit=1 difok=2 password sufficient pam_unix.so nullok use_authtok md5 shadow By using this type of entry, does this specifically mean that any user, when changing or setting up their password, that the minimum length must be 8, with at least 1 uppercase, 1 lowercase, 1 digit and no 2 characters from the previous password can be used....AND if this criteria is not met then the password function will FAIL? Let's say I go more generic: password requisite pam_cracklib.so retry=3 minlen=8 password sufficient pam_unix.so nullok use_authtok md5 shadow By using "requisite", I am inclined to believe that this specifies that any user password MUST be a minimum length of 8 characters or the password function will FAIL? If my understanding is wrong about this and that there is no way to REQUIRE that a password must be a minimum length of "n", then someone please provide me with a more accurate perspective. Thanks _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
