digging further into making our linux servers conform to the same password policy as the aix boxes i've been reading up a bit on pam_cracklib and have a few questions.
first, i understand the whole credits scheme for setting password complexity but why does setting a dcredit to "-1" seemingly enforce the requirement for a numerical character in your password? i've found some examples using that on the web but nothing that actually explains why. i understand that if i set it to 1 it'll give a credit to numerical passwords but if they actually set a long password they can satisfy minlen without satisfying dcredits... "-1" resolves this but i'd like to see some documentation around it?
second, is there any way to get it to enforce alpha characters without having to specify one of each lowercase and uppercase? some users create very complex passwords but may not necessarily use mixed case? i'm assuming since i only have lcredit and ucredit this is not possible but maybe someone's found the magical well of pam_cracklib documentation that has evaded me.
i'm assuming pam_cracklib is the correct/only way to implement password complexity on redhat systems?
first, i understand the whole credits scheme for setting password complexity but why does setting a dcredit to "-1" seemingly enforce the requirement for a numerical character in your password? i've found some examples using that on the web but nothing that actually explains why. i understand that if i set it to 1 it'll give a credit to numerical passwords but if they actually set a long password they can satisfy minlen without satisfying dcredits... "-1" resolves this but i'd like to see some documentation around it?
second, is there any way to get it to enforce alpha characters without having to specify one of each lowercase and uppercase? some users create very complex passwords but may not necessarily use mixed case? i'm assuming since i only have lcredit and ucredit this is not possible but maybe someone's found the magical well of pam_cracklib documentation that has evaded me.
i'm assuming pam_cracklib is the correct/only way to implement password complexity on redhat systems?