8.04.2009

Enforcing user password strength with PAM

For a long time I have been trying to read whatever comes my way about PAM, but I had not come across a document that I liked as much, or that explained this subject as well, as the PAM document I ran into yesterday on tuxtraining.
I am going to quote a short section of it; I strongly recommend that you read the article.

Enforce strong passwords

In this experiment we’ll use the pam_passwdqc module on the password stack to ensure that users choose strong passwords. (Note that this will only make any difference when users set or change their passwords; it won’t winkle out weak passwords that are already set.)

What you need to do: Red Hat already uses the pam_cracklib module to check password strength in the common system-auth file. We simply need to replace the pam_cracklib line with a line that looks something like this:

password    requisite    pam_passwdqc.so  min=12,10,10,8,6 retry=3

[Figure 3: the parameters to pam_passwdqc]

Figure 3 above attempts to illustrate the parameters to pam_passwdqc. The test of a password’s strength is based on its length, but you can set different minimum lengths depending on the number of character classes in your password. There are four character classes: lower case, upper case, digits, and other characters. Upper case letters used as the first character and digits used as the last character of a password don’t count.

How to test it: Try changing your password to various strings; in each case count the number of characters and the number of character classes in the string and predict if it should be an acceptable password. There are a few examples in the table below.


Source: http://tuxtraining.com/2009/04/07/how-pam-works
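To make the quoted rules concrete, here is an added example (my own illustration, not code from this blog or from the tuxtraining article) that models how pam_passwdqc turns the min= option into an accept/reject verdict for the "how to test it" step above. It reads the min=N0,N1,N2,N3,N4 tuple from the PAM line quoted above; per the pam_passwdqc(8) man page, N0 applies to one-class passwords, N1 to two classes, N3 to three and N4 to four, while N2 is the passphrase slot, which this model does not implement. The sample passwords are constructed, and class counting follows the quoted description (a leading upper-case letter and a trailing digit are not counted). Non-ASCII characters, the module's distinct-character minimum, and its dictionary-word and old-password similarity checks are ignored, so a password this model accepts can still be rejected by the real module.

```python
"""Predict pam_passwdqc's length verdict for candidate passwords.

Added example; it models only the character-class / min= rule described
in the quoted article, not the full pam_passwdqc check.
"""

# The PAM line from the article (RHEL system-auth style).
PAM_LINE = "password    requisite    pam_passwdqc.so  min=12,10,10,8,6 retry=3"

# Slot in the min= tuple consulted for a given number of character classes
# (pam_passwdqc(8): N0 one class, N1 two, N2 passphrase, N3 three, N4 four).
SLOT_FOR_CLASSES = {1: 0, 2: 1, 3: 3, 4: 4}


def parse_min(pam_line):
    """Return the min=N0,N1,N2,N3,N4 tuple from a pam_passwdqc line.

    'disabled' becomes None (that kind of password is never accepted).
    Numeric values must not increase, as the module requires.
    """
    for token in pam_line.split():
        if token.startswith("min="):
            values = token[len("min="):].split(",")
            if len(values) != 5:
                raise ValueError("min= takes exactly five values")
            mins = tuple(None if v == "disabled" else int(v) for v in values)
            numeric = [v for v in mins if v is not None]
            if any(b > a for a, b in zip(numeric, numeric[1:])):
                raise ValueError("min= values must not increase: %s" % token)
            return mins
    raise ValueError("no min= option in: %r" % pam_line)


def char_classes(password):
    """Count character classes as the quoted text describes.

    An upper-case letter in the first position and a digit in the last
    position still count toward length but not toward the class count.
    Only ASCII input is modelled (assumption for this example).
    """
    body = password
    if body and body[0].isupper():
        body = body[1:]
    if body and body[-1].isdigit():
        body = body[:-1]
    classes = set()
    for ch in body:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("other")
    return len(classes)


def required_length(classes, mins):
    """Minimum length for a password with this many classes, or None if
    that kind of password is disabled."""
    # A one-character password such as "A" or "7" has zero countable
    # classes; treat it as the weakest (one-class) kind.
    return mins[SLOT_FOR_CLASSES[max(classes, 1)]]


def predict(password, mins):
    """Return (classes, required_length, accepted) for one candidate."""
    classes = char_classes(password)
    need = required_length(classes, mins)
    accepted = need is not None and len(password) >= need
    return classes, need, accepted


# Constructed candidates for the "how to test it" step.
CANDIDATES = [
    "password",       # 8 chars, one class
    "Password1",      # leading upper and trailing digit do not count
    "ABCDEFGHIJK",    # 11 chars, still one class after discounting
    "Abcdefghij12",   # 12 chars, two classes after discounting
    "Tr0ub4dor&3",    # 11 chars, three classes
    "pAssword1!",     # 10 chars, four classes
]

if __name__ == "__main__":
    mins = parse_min(PAM_LINE)
    print("%-16s %7s %8s %8s" % ("password", "classes", "need", "verdict"))
    for pw in CANDIDATES:
        classes, need, ok = predict(pw, mins)
        print("%-16s %7d %8s %8s" % (pw, classes, need, "accept" if ok else "reject"))
```

Running the script prints the prediction table for the constructed candidates; "Password1" is the instructive row, since the capital P and the trailing 1 are discounted and it is judged as a one-class, nine-character password against the 12-character minimum. Remember that, as the quoted note says, the module only runs when a password is set or changed, so existing weak passwords are untouched until their owners change them.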