{"description": "The <tt>pam_cracklib</tt> PAM module can be configured to meet\nrequirements for a variety of policies.\n<br /><br />\nFor example, to configure <tt>pam_cracklib</tt> to require at least one uppercase\ncharacter, lowercase character, digit, and other (special)\ncharacter, locate the following line in <tt>/etc/pam.d/system-auth</tt>:\n<pre>password requisite pam_cracklib.so try_first_pass retry=3</pre>\nand then alter it to read:\n<pre>password required pam_cracklib.so try_first_pass retry=3 maxrepeat=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 difok=4</pre>\nIf no such line exists, add one as the first line of the password section in <tt>/etc/pam.d/system-auth</tt>.\nThe arguments can be modified to ensure compliance with\nyour organization's security policy. Discussion of each parameter follows.", "warnings": [{"general": "Note that the password quality requirements are not enforced for the\nroot account for some reason."}], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": ["cracklib_accounts_password_pam_dcredit", "cracklib_accounts_password_pam_difok", "cracklib_accounts_password_pam_lcredit", "cracklib_accounts_password_pam_minlen", "cracklib_accounts_password_pam_ocredit", "cracklib_accounts_password_pam_retry", "cracklib_accounts_password_pam_ucredit"], "platform": "", "platforms": [], "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "title": "Set Password Quality Requirements, if using\npam_cracklib", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pamcracklib/group.yml"}