CMS Passwords versus RedHat security

The story of one man's journey to make life sane. I am not that man.

My company doesn't have anti-dictionary requirements for our passwords. RedHat does. This leads to the exciting scenario where people have to invent gibberish passwords for CMS only, and then forget them constantly. After a fair amount of digging, I finally found exactly what I was looking for.

After trying all the permutations in /etc/pam.d/system-auth, I couldn't figure out why 'passwd' kept giving me the "dictionary" error. It turns out that pam_unix, as someone suggested, is compiled with cracklib support. ... So, I figured, if you can't remove it, make it useless:

# cd /usr/share
# mv cracklib cracklib.bak
# mkdir cracklib
# cd cracklib
# cracklib-packer

Now enter a list of words, followed by CTRL-D. Since I wanted to (fundamentally) disable this feature, I added exactly one word to the list: password. It looks like this:

# cracklib-packer
1 1