{"description": "The pam_pwquality PAM module can be configured to meet\nrequirements for a variety of policies.\n

\nFor example, to configure pam_pwquality to require at least one uppercase\ncharacter, lowercase character, digit, and other (special)\ncharacter, make sure that pam_pwquality exists in /etc/pam.d/system-auth:\n
password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
\nIf no such line exists, add one as the first line of the password section in /etc/pam.d/system-auth.\nNext, modify the settings in /etc/security/pwquality.conf to match the following:\n
difok = 4\nminlen = 14\ndcredit = -1\nucredit = -1\nlcredit = -1\nocredit = -1\nmaxrepeat = 3
\nThe arguments can be modified to ensure compliance with\nyour organization's security policy. Discussion of each parameter follows.", "warnings": [], "requires": [], "conflicts": [], "values": ["var_password_pam_dcredit", "var_password_pam_dictcheck", "var_password_pam_difok", "var_password_pam_enforcing", "var_password_pam_lcredit", "var_password_pam_maxclassrepeat", "var_password_pam_maxrepeat", "var_password_pam_maxsequence", "var_password_pam_minclass", "var_password_pam_minlen", "var_password_pam_ocredit", "var_password_pam_retry", "var_password_pam_ucredit"], "groups": {}, "rules": ["accounts_password_pam_dcredit", "accounts_password_pam_dictcheck", "accounts_password_pam_difok", "accounts_password_pam_enforce_local", "accounts_password_pam_enforce_root", "accounts_password_pam_enforcing", "accounts_password_pam_lcredit", "accounts_password_pam_maxclassrepeat", "accounts_password_pam_maxrepeat", "accounts_password_pam_maxsequence", "accounts_password_pam_minclass", "accounts_password_pam_minlen", "accounts_password_pam_ocredit", "accounts_password_pam_pwquality_enabled", "accounts_password_pam_pwquality_password_auth", "accounts_password_pam_pwquality_retry", "accounts_password_pam_pwquality_system_auth", "accounts_password_pam_retry", "accounts_password_pam_ucredit"], "platform": "", "platforms": [], "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "title": "Set Password Quality Requirements with pam_pwquality", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/group.yml"}