Is there any way that we can configure IPA server not to do Strict Checking
for Password.
For EG:

*BAD PASSWORD: The password is too similar to the old one*
*New password: *
*BAD PASSWORD: The password fails the dictionary check - it is based on a
dictionary word*

We tried removing "use_authtok" from below but no luck.

password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass

system-auth "password" config:

[root@cipa vagrant]# cat /etc/pam.d/system-auth | grep password | grep -v
*password    requisite     pam_pwquality.so try_first_pass retry=3 type=*
*password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass
*password    sufficient    pam_sss.so use_authtok*
*password    required      pam_deny.so*
[root@cipa vagrant]#

*Best Regards,__________________________________________*
*Yogesh Sharma*
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to