To force users to use secure passwords on Ubuntu or Debian Linux, you can use the “pam_cracklib.so” module in PAM (Pluggable Authentication Modules). This module checks the strength of passwords before allowing them to be set.
Here are the steps to enable password checks with PAM:
- Install the “libpam-cracklib” package:
# apt-get install libpam-cracklib
- Edit the “/etc/pam.d/common-password” file:
# nano /etc/pam.d/common-password
- Add the following line to the top of the file:
password requisite pam_cracklib.so retry=3 minlen=8 difok=3
- Save and close the file.
With these steps, the following rules apply whenever a password is set:
- The password must be at least 8 characters long (minlen=8)
- The password must differ from the old password by at least 3 characters (difok=3)
- Users get up to 3 attempts to enter a password that is strong enough (retry=3)
It’s recommended to test the changes before rolling them out to a production environment.
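One way to test the result of the steps above, as an added example that is not part of the original page: a shell function that confirms an active pam_cracklib.so line exists in the password stack, that it comes before pam_unix.so (PAM runs the entries in file order), and that minlen and difok are set to at least the values used here. The function names and the sample stack are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PAM password stack for the pam_cracklib line shown above.

# Print the line number of the first active "password" entry that loads module $1.
first_line() {
    awk -v mod="$1" '!/^[ \t]*#/ && $1 == "password" && index($0, mod) { print NR; exit }' "$2"
}

# Print the value of option $1 on the first active pam_cracklib.so password line.
cracklib_opt() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        $1 == "password" && index($0, "pam_cracklib.so") {
            for (i = 2; i <= NF; i++)
                if (index($i, key "=") == 1) { print substr($i, length(key) + 2); exit }
            exit
        }' "$2"
}

# Return 0 only if pam_cracklib.so is active, runs before pam_unix.so, and sets
# minlen/difok explicitly to at least the wanted values (8 and 3, as on this page).
check_cracklib() {
    file=${1:-/etc/pam.d/common-password}; want_minlen=${2:-8}; want_difok=${3:-3}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    crack_ln=$(first_line pam_cracklib.so "$file")
    unix_ln=$(first_line pam_unix.so "$file")
    [ -n "$crack_ln" ] || { echo "FAIL: no active pam_cracklib.so line"; return 1; }
    if [ -n "$unix_ln" ] && [ "$crack_ln" -gt "$unix_ln" ]; then
        echo "FAIL: pam_cracklib.so (line $crack_ln) runs after pam_unix.so (line $unix_ln)"
        return 1
    fi
    minlen=$(cracklib_opt minlen "$file"); difok=$(cracklib_opt difok "$file")
    [ "${minlen:-0}" -ge "$want_minlen" ] 2>/dev/null || { echo "FAIL: minlen=${minlen:-unset}"; return 1; }
    [ "${difok:-0}" -ge "$want_difok" ] 2>/dev/null || { echo "FAIL: difok=${difok:-unset}"; return 1; }
    echo "OK: line $crack_ln, minlen=$minlen difok=$difok"
}

# Constructed sample stack (not taken from a real host): cracklib first, then pam_unix.
sample=$(mktemp)
printf '%s\n' 'password requisite pam_cracklib.so retry=3 minlen=8 difok=3' \
    'password [success=1 default=ignore] pam_unix.so obscure use_authtok sha512' > "$sample"
check_cracklib "$sample"
rm -f "$sample"
```

On a configured host, `check_cracklib` with no arguments reads /etc/pam.d/common-password; a non-zero exit status means the policy line is missing, misplaced, or weaker than expected.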