← Rules Catalog
mediumaccess-controlverified rollback-safe

Limit consecutive repeating characters in password

pam-pwquality-maxrepeat · RHEL ≥ 8 · 1 impl

Description

The maxrepeat parameter in /etc/security/pwquality.conf sets the maximum number of allowed consecutive same characters in a password.

Rationale

Limiting consecutive repeating characters prevents weak patterns like "aaaa" or "1111" in passwords, increasing resistance to pattern-based attacks.

Check → Remediate

Checkconfig_value
path:
/etc/security/pwquality.conf
key:
maxrepeat
expected:
3
comparator:
<=
Remediateconfig_set
path:
/etc/security/pwquality.conf
key:
maxrepeat
value:
3
separator:
=

Framework references

CIS

rhel8 5.3.3.2.4rhel9 5.3.3.2.4rhel10 5.3.2.2.4

STIG

V-258114 / RHEL-09-611125V-230361V-281188 / RHEL-10-600290

NIST 800-53

IA-5(1)(a)IA-5

Live verification

rhel10:checkrhel8:checkrhel9:check
#pam#password#authentication#pwquality