Bug 1318517 - [Azure][RHEL 7.2][Need review for implementing password policy for on-demand images]
Summary: [Azure][RHEL 7.2][Need review for implementing password policy for on-demand ...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pam
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-03-17 06:47 UTC by lizzha
Modified: 2016-03-22 02:10 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-03-17 09:16:43 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description lizzha 2016-03-17 06:47:03 UTC 
We're going to implement password policy in the on-demand Azure RHEL images, to align with the password policy from Azure portal.

Here're the rules
- The password must be between 6-72 characters long.
- The password must contain 3 of the following:
  a lowercase character
  an uppercase character
  a number
  a special character 

We come out the below solution, could you please help review?

Add following lines in /etc/security/pwquality.conf
minlen = 6
dcredit = 1
ucredit = 1
lcredit = 1
ocredit = 1
minclass = 3
Comment 2 Tomas Mraz 2016-03-17 09:16:43 UTC 
Again as libpwquality calls cracklib the configuration needs to be similar to RHEL-6 - that means this is the proper configuration:

minlen = 6
dcredit = 0
ucredit = 0
lcredit = 0
ocredit = 0
minclass = 3
Note You need to log in before you can comment on or make changes to this bug.