← Rules Catalog
mediumaccess-controlverified rollback-safe

Limit consecutive characters from same class

pam-pwquality-maxclassrepeat · RHEL ≥ 8 · 1 impl

Description

The maxclassrepeat parameter in /etc/security/pwquality.conf sets the maximum number of allowed consecutive characters from the same character class (digits, uppercase, lowercase, special).

Rationale

Limiting consecutive characters from the same class prevents weak patterns like "ABCD" or "1234" and ensures better character distribution in passwords.

Check → Remediate

Checkconfig_value
path:
/etc/security/pwquality.conf
key:
maxclassrepeat
expected:
4
comparator:
<=
Remediateconfig_set
path:
/etc/security/pwquality.conf
key:
maxclassrepeat
value:
4
separator:
=

Framework references

STIG

V-258113 / RHEL-09-611120V-230360V-281187 / RHEL-10-600280

NIST 800-53

IA-5(1)(a)

Live verification

rhel10:checkrhel8:checkrhel9:check
#pam#password#authentication#pwquality