mediumaccess-controlverified ✓rollback-safe
Require special character in password
pam-pwquality-ocredit · RHEL ≥ 8, UBUNTU ≥ 22 · 1 impl
Description
The ocredit parameter in /etc/security/pwquality.conf controls the credit given for having special (other) characters in the password. A negative value requires at least that many special characters.
Rationale
Requiring special characters significantly increases password complexity and makes passwords more resistant to brute-force and dictionary attacks.
Check → Remediate
Checkconfig_value
- path:
- /etc/security/pwquality.conf
- key:
- ocredit
- expected:
- -1
- comparator:
- <=
Remediateconfig_set
- path:
- /etc/security/pwquality.conf
- key:
- ocredit
- value:
- -1
- separator:
- =
Framework references
CIS
rhel8 5.3.3.2.3rhel9 5.3.3.2.3rhel10 5.3.2.2.3ubuntu24 5.4.1.5ubuntu22 5.4.1.5
STIG
V-258109 / RHEL-09-611100V-230375V-270733 / UBTU-24-400330V-260563 / UBTU-22-611025V-281182 / RHEL-10-600230
NIST 800-53
IA-5(1)(a)
Live verification
rhel10:checkrhel8:checkrhel9:checkubuntu22:checkubuntu24:checkubuntu26:check
#pam#password#authentication#pwquality