Quote:
Originally Posted by hopla
How have you done that then? By using login.conf settings perhaps? Because I tried those, but never got them to work... The pam_passwdqc also seems more powerful (not just checking if your password is long enough, but also that it contains X number of different character sets, etc.)
Comment out everything in /etc/pam.d/passwd, and place the following lines:
Code:
password requisite pam_passwdqc.so min=disabled,8,8,8,8 retry=3 enforce=everyone
password required pam_unix.so no_warn try_first_pass nullok
And this will enable this functionality in the system without adding anything to sshd_config. This way, no matter how anyone connects (although SSH is the only method I allow right now but that's not the point) they will be held to these rules.
PS - I was never able to get the settings in login.conf for password strength to work either. I read somewhere that they are silently ignored in favor of pam's configuration, and only exist for backwards compatibility.
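An added example, not part of the original post: a small Python audit that reads a PAM password stack and confirms pam_passwdqc is active, mandatory, ordered before pam_unix, and set to enforce=everyone, then decodes the five `min=` fields (one character class, two classes, passphrase, three classes, four classes). The function names are hypothetical and the sample text is constructed from the two lines above.

```python
# Added example: audit a PAM "password" stack for the pam_passwdqc lines in the post.
# SAMPLE is constructed from those two lines; function names are hypothetical.
SAMPLE = """\
password requisite pam_passwdqc.so min=disabled,8,8,8,8 retry=3 enforce=everyone
password required pam_unix.so no_warn try_first_pass nullok
"""
# Order of the five min= fields (N0..N4) in pam_passwdqc.
KINDS = ("one_class", "two_classes", "passphrase", "three_classes", "four_classes")

def parse_stack(text):
    """Return (control, module, options) for each uncommented 'password' line."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "password":
            opts = dict(o.partition("=")[::2] for o in fields[3:])
            rules.append((fields[1], fields[2].rsplit("/", 1)[-1], opts))
    return rules

def min_lengths(opts):
    """Map each password kind to its minimum length, or None if disabled."""
    values = opts.get("min", "").split(",")
    if len(values) != len(KINDS):
        return None
    return {k: None if v == "disabled" else int(v) for k, v in zip(KINDS, values)}

def audit(text):
    """Return findings; an empty list means the stack matches the post's setup."""
    rules = parse_stack(text)
    mods = [module for _, module, _ in rules]
    if "pam_passwdqc.so" not in mods:
        return ["pam_passwdqc.so is not active in the password stack"]
    pos = mods.index("pam_passwdqc.so")
    control, _, opts = rules[pos]
    findings = []
    if control not in ("requisite", "required"):
        findings.append(f"control '{control}' does not make the check mandatory")
    if "pam_unix.so" in mods and mods.index("pam_unix.so") < pos:
        findings.append("pam_unix.so runs before pam_passwdqc.so")
    if opts.get("enforce") != "everyone":
        findings.append("enforce is not set to everyone")
    if min_lengths(opts) is None:
        findings.append("min= does not list five values")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "password stack matches the post")
    print(min_lengths(parse_stack(SAMPLE)[0][2]))
```

To check a live system, pass the contents of /etc/pam.d/passwd to `audit()` instead of `SAMPLE`.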