On Thu, 2017-02-23 at 05:53 +0000, Juha A. wrote:
> Hi,
>
> I would need to configure a different password policy based on the
> user's UID.
>
> For example:
>
> - UID 1000-1999: Minimum Password Length = 15, 3 different character
>   classes
>
> - UID 2000-2999: Minimum Password Length = 20, 4 different character
>   classes
>
> The /etc/security/pwquality.conf does not seem to have a way to
> configure different rules based on UID, but I was also unable to get
> system-auth/password-auth to work properly.
>
> Would anyone have advice on how to achieve the above?

You could configure the PAM stack so that there would be two
pam_pwquality lines with different options and skip over them with
pam_succeed_if modules and jumps.

Something like this: (untested, just for inspiration)

password [success=2 default=ignore] pam_succeed_if.so uid >= 2000
password requisite pam_pwquality.so try_first_pass retry=3 authtok_type= minlen=15 minclass=3
password [success=1 default=ignore] pam_permit.so
password requisite pam_pwquality.so try_first_pass retry=3 authtok_type= minlen=20 minclass=4

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)
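
An added example, not part of the original message or of Linux-PAM: a simplified Python model of the `success=N` jump that walks the four-line stack from the reply above and reports which pam_pwquality options a given UID reaches. It assumes the new password passes the quality check and models only the modules on this page; the function names are hypothetical.

```python
import operator
import re

# The four lines from the reply above, copied verbatim.
STACK = """\
password [success=2 default=ignore] pam_succeed_if.so uid >= 2000
password requisite pam_pwquality.so try_first_pass retry=3 authtok_type= minlen=15 minclass=3
password [success=1 default=ignore] pam_permit.so
password requisite pam_pwquality.so try_first_pass retry=3 authtok_type= minlen=20 minclass=4
"""

LINE_RE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
# Numeric comparison operators accepted by pam_succeed_if.
OPS = {">=": operator.ge, ">": operator.gt, "<=": operator.le,
       "<": operator.lt, "eq": operator.eq, "ne": operator.ne}


def parse(stack):
    """Split each stack line into (control, module, args)."""
    entries = []
    for line in stack.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(2), m.group(3), m.group(4).split()))
    return entries


def success_jump(control):
    """Return N for a bracketed control containing success=N, else 0."""
    m = re.search(r"success=(\d+)", control)
    return int(m.group(1)) if m else 0


def policy_for(uid, stack=STACK):
    """Walk the stack for one UID; return the pam_pwquality options reached."""
    entries, i, reached = parse(stack), 0, []
    while i < len(entries):
        control, module, args = entries[i]
        if module == "pam_succeed_if.so":
            _field, op, value = args[:3]  # the stack on this page only tests "uid"
            ok = OPS[op](uid, int(value))
        elif module == "pam_permit.so":
            ok = True
        else:  # pam_pwquality.so: record the options that would be enforced
            reached.append(dict(a.split("=", 1) for a in args if "=" in a))
            ok = True  # assumption: the new password passes the check
        i += 1 + (success_jump(control) if ok else 0)  # on success, skip N modules
    return reached
```

Because the stack tests only `uid >= 2000`, the model shows UIDs below 1000 reaching the minlen=15 line and UIDs of 3000 and above reaching the minlen=20 line.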