On Fri, 2020-10-23 at 22:11 -0400, Jeffrey Walton wrote: > On Fri, Oct 23, 2020 at 3:01 PM Broking, Brian R <brb10@xxxxxxx> > wrote: > > It could be pam_pwquality.so > > You may also want to check /etc/security/pwquality.conf > > > > It could also be pam_passwdqc.so or pam_cracklib.so depending on > > the system builders choice. > > > > This assumes you are doing local authentication and not using IPA > > which would have it's own Password Policy. > > > > Good Luck. Been there and know what you are dealing with. > > Thanks. I commented the pam_pwquality.so lines in passwd and > system-auth. I now get "passwd: Authentication token manipulation > error". I guess I went down a rabbit hole. You can either disable some of the password complexity rules via modification of /etc/security/pwquality.conf however not everything can be disabled there. (It also depends on version of the libpwquality library on your system.) Or you can drop the pam_pwquality in password-auth and system-auth, but then you have to modify the options for the pam_unix there so it will prompt for the password by itself. Just drop the 'try_first_pass use_authtok' options and it should work fine. > Does anyone know how to disable complexity requirements? The stuff I > am finding on the web appears outdated. Or, where are the procedures > documented? > > Based on mailing list questions and the Unix and Linux Stack Exchange > questions (and views for each question), it looks like about 15,000 > people have had problems with this. If each user spends 30 minutes on > the problem, that's 7,500 man-hours wasted. It is probably time the > PAM folks fix the problem. It is impossible to "fix" - The fix would have to be: "Replace PAM with something that is not as complex and configurable, but it has some limited set of options which are easy to configure." And of course that fix would break some other use cases which require the configurability and complexity of the PAM subsystem. -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.] _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list