how do i turn off the password complexity check?

Asked by firebird

I have tried to set the required value in /etc/pam.d/common-password to
max=4 that one should disable complexity check for passwords longer then 4 digits but it doesn't... ?

Thanks in advance and your's, firebug

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu pam Edit question
Assignee:
No assignee Edit question
Solved by:
firebird
Solved:
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said :
#1

If you are setting a password for your keyring, just set no password and it won't bug you for a password. Passwords less than 4 characters only give about 1.6 million possibilities which modern hardware can crack in milliseconds.

Why such a weak password?

Revision history for this message
firebird (sysadmin-dk-compmath-deactivatedaccount) said :
#2

Hey there actionparsnip, it's me, remoteCTRL from #Ubuntu :)

We have a pool of net/notebooks that are there for everyone, free to take away as required.
Policy is that the password to this devices is dot dot[name of device].
So if the device has a four letter name that makes a six letter password (while there is another policy after which the divices are named...).
Simple as that.

Other than that I don't like being constrained into something by brute force, like not being able to choose a password of my desire, because somebody at ubuntu's doesn't consider it worthy enough...

Is that my business now how strong my password is, or whut?
So can I PLEASE change this somehow?

If i cannot, then I can use Windows right from the start now, right?;)

Please accept my apologies, if you consider my answer rude in any aspect, but I really do not like this kind of appriach and I still hope that this is a bug and not a feature!

Thanks and your's, firebug

Revision history for this message
firebird (sysadmin-dk-compmath-deactivatedaccount) said :
#3

Btw how do I edit a thread/comment after I submitted it here?
I see plenty of syntax errors in my previous comment, sry for that ... -.-

Revision history for this message
actionparsnip (andrew-woodhead666) said :
#4

You could boot to root recovery mode and run:

passwd foo

replace foo with the username you have setup. I think root can do as it pleases so should be able to set the password as you wish.

Not sure about the syntax errors, I'm sure the ops will make it nicer :)

Revision history for this message
firebird (sysadmin-dk-compmath-deactivatedaccount) said :
#5

hehehe the ops...

first of all thanks, actionparsnip, as a matter of fact I had done almost exactly that, except for the recovery-mode; I did it with a chroot from a live CD with the effect that I really had my pwd set to a 6 character expression.

The serious flaw about this method ist that it does not consider the password in the keyring, you would have to set that once again and that brings you back to square one with the complexity criteria, so please undo the "answered" ! *g*

I wonder if I should file a bug-report for the non working max=xy setting in /etc/pam.d/common-password file?
Point is that I don't know if that setting is actually being overridden somewhere.
As this has happened so often in the past like with /etc/interfaces or /etc/X11/xorg.conf I am actually a little insecure whether to file one...

What do you think?

Revision history for this message
actionparsnip (andrew-woodhead666) said :
#6

Could log one and the bug managers will review etc is all I can say. I guess it's a policy to stop the usual windows users whom LOVE blank passwords as they have zero respect or idea about security, then wonder why their crummy OS gets virues etc.

Revision history for this message
firebird (sysadmin-dk-compmath-deactivatedaccount) said :
#7

well I am of course aware about the motivations that may lay under such decisions, yet still, attempting to change this in /etc/pam.d/commom-password should actually already proove that I am not the windwos noob, and that I do know what I am doing...
(or at least mostly... *g*).
I will file a bug report now...
Thanks actionparsnip, you have as always been of great assistance!