How to test password PAM options without changing password

Ask Question

Asked 1 year ago

Modified 1 year ago

Viewed 148 times

I notice there are settings in /etc/pam.d/common-password to define minimum password strength. For example:

...

password    requisite      pam_pwquality.so retry=3 maxrepeat=0 minlen=19 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 reject_username enforce_for_root dictcheck=0

password    required       pam_pwhistory.so remember=10 use_authtok enforce_for_root
...

These checks are run when passwd is run. I want to check if a given string will pass these checks but I don't want it to actually modify the user's password if it succeeds. Essentially I am looking for something like passwd --dry-run.

How can I achieve this

edited Oct 18, 2024 at 11:54

Kusalananda♦

356k42 gold badges735 silver badges1.1k bronze badges

asked Oct 18, 2024 at 11:35

Aidan Gallagher

1112 bronze badges

Don't test on a live account

Chris Davies
– Chris Davies

2024-10-18 12:23:09 +00:00
Commented Oct 18, 2024 at 12:23
1

create a temporary account with /bin/false as a shell, and delete after test ?

Archemar
– Archemar

2024-10-18 12:45:24 +00:00
Commented Oct 18, 2024 at 12:45

Add a comment |

0 You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.

Stack Exchange Network

How to test password PAM options without changing password

0

You must log in to answer this question.

Hot Network Questions

How to test password PAM options without changing password

0

You must log in to answer this question.

Related

Hot Network Questions