Enforce strong passwords in Debian
Published on 2011-03-17.
This tutorial explains how you can enforce a strong password for users on Debian.
On Linux the passwd command changes passwords for user accounts. A normal user may only change the password for his/her own account, while the superuser may change the password for any account.
passwd also changes the account or associated password validity period.
passwd uses PAM (Pluggable Authentication Modules) to authenticate users and to change their passwords.
To enforce stricter password rules you need to install the libpam-cracklib package:
# apt-get install libpam-cracklib
Once installed you can set up the rules in
In the following example I have set up lines that require the user to select a password with a minimum length of 10 and with at least 4 numbers, 1 upper case letter, and 1 other character. The user is only given 1 opportunity to enter a strong password and the password can't contain the user name.
password requisite pam_cracklib.so retry=1 dcredit=-4 ucredit=-1 ocredit=-1 lcredit=0 minlen=10 reject_username
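To see what the line above accepts and rejects before rolling it out, the following added example (not part of the original tutorial and not pam_cracklib's own code) parses the line and models the length, character-class credit and user-name checks. It goes beyond the tutorial's case by also handling non-negative credits, which lower the required length instead of setting a minimum count; the dictionary and similarity checks are not modelled, and the function names `parse_options` and `check` and the sample passwords are hypothetical.

```python
import string

# The pam_cracklib line from this tutorial.
PAM_LINE = ("password requisite pam_cracklib.so retry=1 dcredit=-4 ucredit=-1 "
            "ocredit=-1 lcredit=0 minlen=10 reject_username")

# Character classes behind each credit option; "ocredit" is everything else.
CLASSES = {"dcredit": string.digits, "ucredit": string.ascii_uppercase,
           "lcredit": string.ascii_lowercase}


def parse_options(line):
    """Return the module arguments of a pam_cracklib line as a dict."""
    fields = line.split()
    if len(fields) < 3 or not fields[2].endswith("pam_cracklib.so"):
        raise ValueError("not a pam_cracklib line")
    opts = {}
    for arg in fields[3:]:
        key, _, value = arg.partition("=")
        opts[key] = int(value) if value.lstrip("-").isdigit() else (value or True)
    return opts


def check(password, user, opts):
    """Return the list of rule violations (an empty list means accepted)."""
    counts = {k: sum(c in chars for c in password) for k, chars in CLASSES.items()}
    counts["ocredit"] = len(password) - sum(counts.values())
    problems = []
    needed = opts.get("minlen", 9)           # documented default: 9
    for key, have in counts.items():
        credit = opts.get(key, 1)            # documented default: 1
        if credit < 0:                       # negative: minimum count required
            if have < -credit:
                problems.append(f"{key}: need {-credit}, found {have}")
        else:                                # non-negative: bonus toward minlen
            needed -= min(have, credit)
    if len(password) < needed:
        problems.append(f"minlen: need {needed}, found {len(password)}")
    if opts.get("reject_username") and user:
        name, lowered = user.lower(), password.lower()
        if name in lowered or name[::-1] in lowered:   # straight or reversed
            problems.append("reject_username: contains the user name")
    return problems


if __name__ == "__main__":
    policy = parse_options(PAM_LINE)
    # Constructed sample passwords for a constructed user "alice".
    for candidate in ("Tr1ck-2468", "Password1!", "Alice-1234", "Ab-1234"):
        print(candidate, check(candidate, "alice", policy) or "accepted")
```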