How to enforce Password complexity for root in Redhat

Question

I have used pam_pwquality.so module to enforce the password complexity. But its applying only for selfuser. I mean, If i login into a user(not root) and change the password for that user, complexity rules are applying but if i change the password from root, complexity check is not happening.

I found pam_passwdqc module for RHEL6 to enforce the complexity for root also. Can you suggest me similar for RHEL7 and UBUNTU 14.04. https://access.redhat.com/solutions/23481 https://linux.die.net/man/8/pam_passwdqc

Note: pam_passwdqc is availale for RHEL5&6

score 3 · Answer 1 · answered Jan 06 '17 at 08:09

3

Enforcing the policy for root can be accomplished using:

  enforce_for_root
       The module will return error on failed check even if the user changing the password is root. This option is off by default which means that just the message about the failed check is printed but root can change the
       password anyway. Note that root is not asked for an old password so the checks that compare the old and new password are not performed.

It's documented in the manual page.

answered Jan 06 '17 at 08:09

dawud

14,918
3
41
61

2

SF Web 2.0 RTFMaaS ;) – user9517 Jan 06 '17 at 10:00
If a person has sudo/root, they can still change their or anyones pw to anything using `usermod -p $pwhash user`. – Aaron Jan 06 '17 at 16:57

How to enforce Password complexity for root in Redhat

1 Answers1