How to disable the password complexity on Red Hat Linux?
This post describes how to disable password complexity on Red Hat Linux after security hardening has been performed for passwords.
INITIAL NOTICE
Exercise caution when disabling password complexity: new passwords may be less complex, which puts systems at risk.
PROCEDURE
1. Log in to the operating system as a common user and switch to the root user.
2. Modify the configuration file for setting the password complexity:
# vi /etc/pam.d/password-auth
The following information is displayed:
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_deny.so
account required pam_unix.so
password requisite pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=0 enforce_for_root
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
# vi /etc/pam.d/system-auth
The following information is displayed:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_deny.so
account required pam_unix.so
password requisite pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=0 enforce_for_root
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
The parameters on the pam_cracklib.so line control user password complexity; enforce_for_root indicates that the password of the root user must also meet the password complexity requirements.
3. Add a comment tag (#) before the pam_cracklib.so line in the password-auth and system-auth configuration files to comment out the line.
NOTICE
After password complexity has been disabled, new passwords may be less complex, which puts systems at risk.
Therefore, you must enable the password complexity again. To do so, delete the added comment tag (#), save the modification and exit.
4. Press Esc.
5. Run the :wq command and press Enter.
This is how to disable the password complexity on Red Hat Linux.
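To confirm afterwards whether the pam_cracklib.so line has been restored, as the NOTICE in step 3 requires, the following added example (not part of the original post) reports the state of that line in each PAM file. The function names and the constructed sample files are assumptions for illustration; on a real system, run audit_pam as root against /etc/pam.d/system-auth and /etc/pam.d/password-auth.

```shell
#!/bin/sh
# Added example (not from the original post): report whether the
# pam_cracklib.so password rule in a PAM file is active or commented out.

# complexity_state FILE prints one of:
#   enforced        active rule that includes enforce_for_root
#   enforced-users  active rule without enforce_for_root
#   disabled        rule exists only as a commented-out line
#   absent          no pam_cracklib.so rule in the file
complexity_state() {
    awk '
        # Active rule: type field is "password" (PAM also accepts "-password").
        $1 ~ /^-?password$/ && /pam_cracklib\.so/ {
            active = 1
            for (i = 2; i <= NF; i++) if ($i == "enforce_for_root") root = 1
            next
        }
        # Same rule behind a comment tag, as left by step 3 of the procedure.
        /^[ \t]*#[ \t]*-?password[ \t].*pam_cracklib\.so/ { commented = 1 }
        END {
            if (active && root)  print "enforced"
            else if (active)     print "enforced-users"
            else if (commented)  print "disabled"
            else                 print "absent"
        }
    ' "$1"
}

# audit_pam FILE...: print "FILE: state" per file; return 1 unless all are "enforced".
audit_pam() {
    rc=0
    for f in "$@"; do
        state=$(complexity_state "$f")
        printf '%s: %s\n' "$f" "$state"
        [ "$state" = "enforced" ] || rc=1
    done
    return "$rc"
}

# Constructed sample files so the example runs without touching /etc/pam.d.
SAMPLES=$(mktemp -d)
RULE='password requisite pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=0 enforce_for_root'
printf '%s\n' 'auth required pam_env.so' "$RULE" > "$SAMPLES/system-auth"
printf '%s\n' 'auth required pam_env.so' "#$RULE" > "$SAMPLES/password-auth"

audit_pam "$SAMPLES/system-auth" "$SAMPLES/password-auth" || echo "complexity is not fully enforced"
```

A non-zero return from audit_pam means at least one file still has the rule commented out, missing, or without enforce_for_root.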