Set Password Strength Minimum Different Categories
The pam_cracklib module's 'minclass' parameter sets the minimum number of different
character classes, or types, that must be present in a password
before it is considered valid. For example, setting this value to three (3) requires that
any password must have characters from at least three different categories in order to be
approved. The default value is zero (0), meaning there are no required classes. There are
four categories available:
* Upper-case characters
* Lower-case characters
* Digits
* Special characters (for example, punctuation)
Modify the 'minclass' setting in '/etc/security/pwquality.conf' to require
differing categories of characters when changing passwords. The minimum requirement is '3'.
Requiring a minimum number of character categories makes password guessing attacks
more difficult by ensuring a larger search space.
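An audit check for the setting described above, as an added example that is not part of the original definition: it reads the effective 'minclass' from a pwquality.conf-style file and counts the categories present in a candidate string. The function names are hypothetical, and the code assumes that only the single file is consulted, that the last uncommented assignment wins, and that "special" means any character that is not a letter or digit.

```shell
#!/bin/sh
# Added example: audit 'minclass' in a pwquality.conf-style file.

# Print the effective minclass value from file $1.
# Comments are ignored; if the key appears more than once the last
# assignment is used (assumption); with no assignment the default 0 is printed.
minclass_value() {
    [ -r "$1" ] || return 2
    awk '
        { sub(/#.*/, "") }                        # strip comments
        /^[ \t]*minclass[ \t]*=/ {
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[2])              # trim whitespace around value
            if (kv[2] ~ /^[0-9]+$/) val = kv[2]
        }
        END { if (val == "") val = 0; print val }
    ' "$1"
}

# Return 0 when file $1 requires at least $2 classes (default 3, the
# minimum this definition asks for); non-zero otherwise.
check_minclass() {
    v=$(minclass_value "$1") || return 2
    [ "$v" -ge "${2:-3}" ]
}

# Count how many of the four categories (upper-case, lower-case, digit,
# special) occur in the string $1.
count_classes() {
    n=0
    case $1 in *[[:upper:]]*) n=$((n + 1)) ;; esac
    case $1 in *[[:lower:]]*) n=$((n + 1)) ;; esac
    case $1 in *[[:digit:]]*) n=$((n + 1)) ;; esac
    case $1 in *[![:alnum:]]*) n=$((n + 1)) ;; esac
    echo "$n"
}

# Constructed sample: the first assignment is commented out and must not count.
conf=$(mktemp)
printf '%s\n' '# minclass = 4' 'minlen = 14' 'minclass = 2   # too low' > "$conf"
echo "effective minclass: $(minclass_value "$conf")"
check_minclass "$conf" || echo "FAIL: minclass is below 3"
echo "categories in 'Summer2015': $(count_classes 'Summer2015')"
rm -f "$conf"
```

On a real host, point `check_minclass` at '/etc/security/pwquality.conf'; a missing or unreadable file returns a non-zero status rather than passing.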
Fix:
No Remediation Info
oval:org.secpod.oval:def:30619
oval:org.secpod.oval:def:31342
SCAP Repo OVAL Definition
2015-11-13