Since you are here, Im assuming that your changes in the pwquality.conf is not getting reflected, even though you have followed all the solutions available online. This article will help you solve the issue. This article only focuses on the issue and not on pwquality, so we will be focusing on the basic password quality minimum length.
Issue : /etc/security/pwquality.conf not affecting the password policy/quality in Linux
The pwquality.conf file is updated to consider minimum password length of 13.
[root@w1-add ~]# cat /etc/security/pwquality.conf |grep minlen
minlen = 13
While updating the password, still the existing default value is seen. Ideally, the error should have thrown number 13, but here it is showing the default value 8
[root@w1-add ~]# passwd ty
Changing password for user ty.
New password:
BAD PASSWORD: The password is shorter than 8characters
Solution:
Before jumping into solution, just a disclaimer, im going to provide a three step process. In some of my machine, the first step itself did the trick. But in some , only the second step did the trick. Third step is just an extra verification
Step 1
After updating the value in the password quality file pwquality.conf, execute the below command.
[root@w1-add ~]# authconfig --updateall
Verify if the password quality from pwquality.conf file become effective.
[root@w1-add ~]# passwd ty
Changing password for user ty.
New password:
BAD PASSWORD: The password is shorter than 8characters
It can be seen that, the pwquality issue is not fixed (for some cases this will fix the issue, for covering the negative scenario, I'm assuming this step didn't solved the issue).
Step 2
Update the minlen parameter for password quality via authconfig utility.
[root@w1-add ~]# authconfig --passminlen=13 --update
Verify if the changes are in effect
[root@w1-add ~]# passwd ty
Changing password for user ty.
New password:
BAD PASSWORD: The password is shorter than 13 characters
It can be seen that the changes came into picture.
Now direct update to the pwquality will start to work, In the next step, we can confirm this also
Step 3 [Run time update verification]
Change the content of the pwquality file directly without authconfig utility to verify if the runtime update of the pwquality is possible by direct editing of the file
[root@w1-add ~]# vi /etc/pam.d/system-auth
[root@w1-add ~]# cat /etc/security/pwquality.conf |grep minlen
minlen = 10
[root@w1-add ~]# passwd ty
Changing password for user ty.
New password:
BAD PASSWORD: The password is shorter than 10 characters
Conclusion
Assuming that your issue is solved. And the possible reason for the issue was due to some unwanted entries in pam files mentioned in the /etc/pam.d.
If your issue still persists, verify if there is any other pam modules which are predominating the default linux pam modules delivered by pam rpm