highaccess-controlverified ✓rollback-safe
Set minimum password length
pam-pwquality-minlen · RHEL ≥ 8, UBUNTU ≥ 22 · 1 impl
Description
The minlen parameter in /etc/security/pwquality.conf sets the minimum acceptable size for new passwords. Longer passwords are more resistant to brute-force attacks.
Rationale
Password length is one of the most important factors in password strength. A minimum of 14 characters is recommended for strong security.
Check → Remediate
Checkconfig_value
- path:
- /etc/security/pwquality.conf
- key:
- minlen
- expected:
- {{ pam_pwquality_minlen }}
- comparator:
- >=
Remediateconfig_set
- path:
- /etc/security/pwquality.conf
- key:
- minlen
- value:
- {{ pam_pwquality_minlen }}
- separator:
- =
Framework references
CIS
rhel8 5.3.3.2.2rhel9 5.3.3.2.2rhel10 5.3.2.2.2ubuntu24 5.3.3.2.2ubuntu22 5.3.3.2.2
STIG
V-258107 / RHEL-09-611090V-230369V-270732 / UBTU-24-400320V-260565 / UBTU-22-611035V-281181 / RHEL-10-600220
NIST 800-53
IA-5(1)(a)IA-5
Live verification
rhel10:checkrhel8:checkrhel9:checkubuntu22:checkubuntu24:checkubuntu26:check
#pam#password#authentication#pwquality