On Wed, 25 Mar 2015, Yogesh Sharma wrote:

Is there any way that we can configure IPA server not to do Strict Checking
for Password.
For EG:

*BAD PASSWORD: The password is too similar to the old one*
*New password: *
*BAD PASSWORD: The password fails the dictionary check - it is based on a
dictionary word*

We tried removing "use_authtok" from below but no luck.

password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass
You are changing *wrong* configuration.

system-auth "password" config:

[root@cipa vagrant]# cat /etc/pam.d/system-auth | grep password | grep -v
*password    requisite     pam_pwquality.so try_first_pass retry=3 type=*
pam_pwquality is responsible for the password strength checks in PAM
stack. Read its documentation for details.

P.S. This question has nothing to do with FreeIPA.
/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to