# Change password policy

## nash11

When I force the user to change the password , the user will prompt the message (BAD PASSWORD: it is based on a dictionary word) , I understand this is a security reason to probit simple password , but if I want to disable this restriction ( that means the linux system allow  any dictionary word ) , what can I do ? thx.

----------

## Janne Pikkarainen

See file /etc/pam.d/system-auth - the line containing pam_cracklib.so is the one you want to modify. For documentation about pam_cracklib and its options, browse /usr/share/doc/pam-<your-installed-pam-version>.

----------

## nash11

I would like to have one more requirement , the default password length is at least 7 characters, if I want to change the default setting , that the system accept the password length is 6 characters , what can i do ? thx

----------

## Janne Pikkarainen

Change the pam_cracklib.so minlen parameter in /etc/pam.d/system-auth file.

----------

## nash11

thx reply ,

the password length is Ok now , thx for help.

I would like to ask again , now my system accept the numerics only or characters only password , for example ,  the password can be 741852 ( all numerics ) or poiuyt ( all characters ) , if I want to control the password MUST have BOTH characters AND numerics , what can I do ? thx

----------

## Janne Pikkarainen

Not to be rude or anything, but did you read at all the documentation I pointed you at earlier?

Anyway, this is a copy-paste from /usr/share/doc/pam-<my-pam-version>/txt/README.pam_cracklib.gz:

```

        dcredit=N

        ucredit=N

        lcredit=N

        ocredit=N       Weight, digits, upper, lower, other characters with

                        count N. Use these values to compute the

                        'unsimplicity' of the password.
```

You can put those parameters to /etc/pam.d/system-auth pam_cracklib.so line. For your use dcredit and/or u/lcredit values are the most important.

----------

