Bug 1318517

Summary: [Azure][RHEL 7.2][Need review for implementing password policy for on-demand images]
Product: Red Hat Enterprise Linux 7 Reporter: lizzha
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED NOTABUG QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.2CC: jboutaud, pkis, stephen.zarkos
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-17 09:16:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description lizzha 2016-03-17 06:47:03 UTC 
We're going to implement password policy in the on-demand Azure RHEL images, to align with the password policy from Azure portal.

Here're the rules
- The password must be between 6-72 characters long.
- The password must contain 3 of the following:
  a lowercase character
  an uppercase character
  a number
  a special character 

We come out the below solution, could you please help review?

Add following lines in /etc/security/pwquality.conf
minlen = 6
dcredit = 1
ucredit = 1
lcredit = 1
ocredit = 1
minclass = 3
Comment 2 Tomas Mraz 2016-03-17 09:16:43 UTC 
Again as libpwquality calls cracklib the configuration needs to be similar to RHEL-6 - that means this is the proper configuration:

minlen = 6
dcredit = 0
ucredit = 0
lcredit = 0
ocredit = 0
minclass = 3