Provided by: libpwquality-common_1.2.3-1ubuntu1_all bug

NAME

       pwquality.conf - configuration for the libpwquality library

SYNOPSIS

       /etc/security/pwquality.conf

DESCRIPTION

       pwquality.conf  provides  a way to configure the default password quality requirements for
       the system passwords. This file is read by the libpwquality library and utilities that use
       this library for checking and generating passwords.

       The  file  has  a  very  simple name = value format with possible comments starting with #
       character. The whitespace at the beginning of line, end of line, and around the = sign  is
       ignored.

OPTIONS

       The possible options in the file are:

           difok
               Number  of  characters  in  the  new  password that must not be present in the old
               password. (default 5)

           minlen
               Minimum acceptable size for the new password (plus one if credits are not disabled
               which  is the default). (See pam_pwquality(8).)  Cannot be set to lower value than
               6. (default 9)

           dcredit
               The maximum credit for having digits in the new password. If less than 0 it is the
               minimum number of digits in the new password. (default 1)

           ucredit
               The  maximum  credit for having uppercase characters in the new password.  If less
               than 0 it is the minimum number of  uppercase  characters  in  the  new  password.
               (default 1)

           lcredit
               The  maximum  credit for having lowercase characters in the new password.  If less
               than 0 it is the minimum number of  lowercase  characters  in  the  new  password.
               (default 1)

           ocredit
               The  maximum credit for having other characters in the new password.  If less than
               0 it is the minimum number of other characters in the new password. (default 1)

           minclass
               The minimum number of required classes of characters for the new password (digits,
               uppercase, lowercase, others). (default 0)

           maxrepeat
               The  maximum  number  of  allowed same consecutive characters in the new password.
               The check is disabled if the value is 0. (default 0)

           maxsequence
               The maximum length of monotonic character sequences in the new password.  Examples
               of  such  sequence  are '12345' or 'fedcb'. Note that most such passwords will not
               pass the simplicity check unless  the  sequence  is  only  a  minor  part  of  the
               password.  The check is disabled if the value is 0. (default 0)

           maxclassrepeat
               The  maximum number of allowed consecutive characters of the same class in the new
               password.  The check is disabled if the value is 0. (default 0)

           gecoscheck
               If nonzero, check whether the words longer than 3 characters from the GECOS  field
               of  the  user's  passwd  entry  are  contained  in the new password.  The check is
               disabled if the value is 0. (default 0)

           badwords
               Space separated list of words that must not be contained in  the  password.  These
               are  additional  words  to the cracklib dictionary check. This setting can be also
               used by applications to emulate the gecos check for user  accounts  that  are  not
               created yet.

           dictpath
               Path to the cracklib dictionaries. Default is to use the cracklib default.

SEE ALSO

       pwscore(1), pwmake(1), pam_pwquality(8)

AUTHORS

       Tomas Mraz <tmraz@redhat.com>