mediumaccess-controlverified ✓rollback-safe
Limit consecutive repeating characters in password
pam-pwquality-maxrepeat · RHEL ≥ 8 · 1 impl
Description
The maxrepeat parameter in /etc/security/pwquality.conf sets the maximum number of allowed consecutive same characters in a password.
Rationale
Limiting consecutive repeating characters prevents weak patterns like "aaaa" or "1111" in passwords, increasing resistance to pattern-based attacks.
Check → Remediate
Checkconfig_value
- path:
- /etc/security/pwquality.conf
- key:
- maxrepeat
- expected:
- 3
- comparator:
- <=
Remediateconfig_set
- path:
- /etc/security/pwquality.conf
- key:
- maxrepeat
- value:
- 3
- separator:
- =
Framework references
CIS
rhel8 5.3.3.2.4rhel9 5.3.3.2.4rhel10 5.3.2.2.4
STIG
V-258114 / RHEL-09-611125V-230361V-281188 / RHEL-10-600290
NIST 800-53
IA-5(1)(a)IA-5
Live verification
rhel10:checkrhel8:checkrhel9:check
#pam#password#authentication#pwquality