2023-05-25 11:43:53 +02:00
|
|
|
---
|
|
|
|
|
|
|
|
# PAM -- pam_pwquality
|
|
|
|
# Ensure password meet a given quality/complexity requirement
|
2023-06-05 11:33:08 +02:00
|
|
|
policy_pam_pwquality: false
|
2023-05-25 11:43:53 +02:00
|
|
|
|
|
|
|
# Configuration settings for pam_pwquality
|
|
|
|
# For more in depth info, see man pam_pwquality(8)
|
|
|
|
|
|
|
|
# Minimum password lengh/credit
|
2023-06-05 11:33:08 +02:00
|
|
|
policy_pam_pwquality_minlen: 16
|
2023-05-25 11:43:53 +02:00
|
|
|
|
|
|
|
# Credits values for char types
|
|
|
|
# Value : Interger N with :
|
|
|
|
# N >= 0 - Maximum credit given for each char type in the password
|
|
|
|
# N < 0 - Minimum number of chars of given type in the password
|
|
|
|
# digit chars
|
2023-06-05 11:33:08 +02:00
|
|
|
policy_pam_pwquality_dcredit: -1
|
2023-05-25 11:43:53 +02:00
|
|
|
# uppercase chars
|
|
|
|
policy_pam_pwquality_ucredit: 0
|
|
|
|
# lowercase chars
|
2023-06-05 11:33:08 +02:00
|
|
|
policy_pam_pwquality_lcredit: -1
|
2023-05-25 11:43:53 +02:00
|
|
|
# other chars
|
2023-06-05 11:33:08 +02:00
|
|
|
policy_pam_pwquality_ocredit: -1
|
2023-05-25 11:43:53 +02:00
|
|
|
|
|
|
|
|
|
|
|
# PAM -- pam_pwhistory
|
|
|
|
# Prevent old password re-use
|
2023-06-05 11:33:08 +02:00
|
|
|
policy_pam_pwhistory: false
|
2023-05-25 11:43:53 +02:00
|
|
|
|
|
|
|
# How many old passwords to retain
|
2023-06-05 10:27:22 +02:00
|
|
|
policy_pam_pwhistory_length: 5
|
|
|
|
|
|
|
|
# How (days) old the password should be before allowing user to change it's password
|
|
|
|
# It is to prevent circumvention of pam_pwhistory
|
|
|
|
# Set to 0 to disable
|
|
|
|
policy_pam_password_min_days: 0
|