password againg and other policy enforcement
sonicy at otenet.gr
Sat Jun 30 18:10:59 UTC 2007
Patrick Dung wrote:
> I have some question about password policy in FreeBSD:
> 1. Administrator can enforce password expire in /etc/login.conf
> Is there any tool that can check when the password will expire for the
> 2. Any good way to enforce minimum password length and other
> restriction(like password need at least 2 numbers, 2 special char)?
> 3. Any ways to prevent user reuse old password?
These options have been moved to PAM (Pluggable Authentication Modules).
Have a look at /etc/pam.d
You will find a file called passwd
Edit it and uncomment the line:
password requisite pam_passwdqc.so ....
Change the options you require per the manual page
(man 8 pam_passwdqc)
A lot of restrictions can be placed on the password (history,
complexity, number of chars / symbols and so on).
More information about the freebsd-questions