Quote:
Originally Posted by hopla
I use pam_passwdqc to enforce strong passwords. It's in the base system (man pam_passwdqc).
I enable it by adding this line to /etc/pam.d/sshd (its the 3rd line, the others are already there)
See the man page for the meaning of the options and more.
And in /etc/adduser.conf I set
Then when I create a new user I get a random password (by default) I can give to him. And when the user first logs in with it, he must immediately change it since its expired (upwexpire). He can then only change it to a password that is strong enough according to the rules set with pam_passwdqc.
|
Excellent, I never realised something like this was in the base system, I thought I'd have to install 3rd party software to get that functionality.