- Mastering Linux Security and Hardening
- Donald A. Tevault
- 2021-07-02 19:19:24
Hands-on lab for setting password complexity criteria
For this lab, you can use either the CentOS or Ubuntu virtual machine, as desired. The only difference is that you won't perform Step 1 for CentOS:
1. For Ubuntu only, install the libpam-pwquality package:

    sudo apt install libpam-pwquality

2. Open the /etc/security/pwquality.conf file in your preferred text editor. Remove the comment symbol from in front of the minlen line and change the value to 19. It should now look like this:

    minlen = 19

   Save the file and exit the editor.
3. Create a user account for Goldie and attempt to assign her the passwords turkeylips, TurkeyLips, and Turkey93Lips. Note the change in each warning message.
4. In the pwquality.conf file, comment out the minlen line. Uncomment the minclass line and the maxclassrepeat line. Change the maxclassrepeat value to 5. The lines should now look like this:

    minclass = 3
    maxclassrepeat = 5

   Save the file and exit the text editor.
5. Try assigning various passwords that don't meet the complexity criteria that you've set to Goldie's account and view the results.
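To predict which of the two settings from the last configuration step a candidate password will trip before you try it with passwd, the following added example (not from the book or the pwquality project) models only minclass and maxclassrepeat. It does not reproduce pwquality's length, dictionary, or similarity checks, and the names SAMPLE_CONF, parse_conf, char_class and check are hypothetical.

```python
import re
import string
from itertools import groupby

# Constructed sample: pwquality.conf as it looks after the lab's last edit.
SAMPLE_CONF = """\
# minlen = 19
minclass = 3
maxclassrepeat = 5
"""

def parse_conf(text):
    """Return the active (uncommented) integer settings from pwquality.conf text."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # commented-out lines are inactive
        m = re.fullmatch(r"(\w+)\s*=\s*(-?\d+)", line)
        if m:
            settings[m.group(1)] = int(m.group(2))
    return settings

def char_class(ch):
    """Map a character to one of the four classes: digit, upper, lower, other."""
    if ch in string.digits:
        return "digit"
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.ascii_lowercase:
        return "lower"
    return "other"

def check(password, settings):
    """Return the names of the modelled settings the password violates."""
    classes = [char_class(c) for c in password]
    # Longest run of consecutive characters belonging to the same class.
    longest = max((len(list(g)) for _, g in groupby(classes)), default=0)
    failures = []
    if len(set(classes)) < settings.get("minclass", 0):
        failures.append("minclass")
    limit = settings.get("maxclassrepeat", 0)  # 0 disables the check
    if limit and longest > limit:
        failures.append("maxclassrepeat")
    return failures

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for pw in ("turkeylips", "TurkeyLips", "Turkey93Lips"):
        print(pw, check(pw, conf) or "ok")
```

Turkey93Lips passes both modelled rules only because its longest same-class run, "urkey", is exactly five characters; one more lowercase letter in that run would exceed maxclassrepeat.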
In the /etc/login.defs file on your CentOS machine, you'll see the line:
PASS_MIN_LEN 5
Supposedly, this is to set the minimum password length, but in reality, pwquality overrides it. So, you could set this value to anything at all, and it would have no effect.