Force Strong Password on CentOS

sudo vim /etc/pam.d/system-auth
password requisite pam_cracklib.so try_first_pass retry=3 type= minlen=8 difok=5 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1

Explanation:
ucredit=-1
At least one upper case letter

lcredit=-1
At least one lower case letter

dcredit=-1
At least one digit

ocredit=-1
At least one symbol

minlen=8
Minimum 8 characters

difok=5
The minimum number of characters that must be different from the previous password

retry=3
Prompt the user at most 3 times before returning with an error

Reference:
https://www.cyberciti.biz/faq/securing-passwords-libpam-cracklib-on-debian-ubuntu-linux/


Set Password Expiration Period
sudo vim /etc/login.defs
PASS_MAX_DAYS 90
PASS_MIN_DAYS 0
PASS_WARN_AGE 7

Explanation:
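Force users to change their password once every three months (PASS_MAX_DAYS 90) and warn them seven days before the password expires (PASS_WARN_AGE 7). PASS_MIN_DAYS 0 lets users change their password again at any time. These values are applied when an account is created; existing accounts keep their current aging values until they are changed with chage.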

Reference:
http://xmodulo.com/set-password-policy-linux.html


Prevent Reuse of Old Passwords
sudo vim /etc/pam.d/system-auth
password sufficient pam_unix.so use_authtok md5 shadow remember=5

Explanation:
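Append remember=5 to the pam_unix.so password line to prevent users from reusing any of their last 5 passwords. pam_unix keeps the old password hashes in /etc/security/opasswd. Keep the hash option that is already on that line on your system: the md5 shown here selects MD5-based hashes, while recent CentOS releases use sha512 by default.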

Reference:
https://www.cyberciti.biz/tips/how-to-linux-prevent-the-reuse-of-old-passwords.html
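
Added example (not part of the original notes): a shell audit that checks the text of /etc/pam.d/system-auth and /etc/login.defs against the values used in the three sections above. The function names, the WEAK output format and the sample fragment are constructed for this example.

```shell
#!/bin/bash
# Added example. Each check takes the file's text as its argument:
#   check_pam "$(cat /etc/pam.d/system-auth)"; check_login_defs "$(cat /etc/login.defs)"

# opt_value TEXT MODULE OPTION: print OPTION's value from the first active
# "password" line that loads MODULE (commented-out lines are ignored).
opt_value() {
    printf '%s\n' "$1" | awk -v mod="$2" -v opt="$3" '
        $1 == "password" && index($0, mod) {
            for (i = 1; i <= NF; i++)
                if (index($i, opt "=") == 1) { print substr($i, length(opt) + 2); exit }
        }'
}

# Integer comparisons; an unset or non-numeric value counts as a failure.
is_int()   { case $1 in ''|-|*[!0-9-]*) return 1 ;; esac; }
at_least() { is_int "$1" && [ "$1" -ge "$2" ]; }
at_most()  { is_int "$1" && [ "$1" -le "$2" ]; }

# check_pam TEXT: print every setting weaker than the page's policy; return 1 if any.
check_pam() {
    local rc=0 v spec opt
    for spec in minlen:8 difok:5; do                 # value must be >= the minimum
        v=$(opt_value "$1" pam_cracklib.so "${spec%%:*}")
        at_least "$v" "${spec##*:}" || { echo "WEAK ${spec%%:*}=${v:-unset}"; rc=1; }
    done
    for opt in ucredit lcredit dcredit ocredit; do   # -1 or lower: class is required
        v=$(opt_value "$1" pam_cracklib.so "$opt")
        at_most "$v" -1 || { echo "WEAK $opt=${v:-unset}"; rc=1; }
    done
    v=$(opt_value "$1" pam_unix.so remember)
    at_least "$v" 5 || { echo "WEAK remember=${v:-unset}"; rc=1; }
    return "$rc"
}

# check_login_defs TEXT: PASS_MAX_DAYS in 1..90 (-1 disables aging), PASS_WARN_AGE >= 7.
check_login_defs() {
    local rc=0 max warn
    max=$(printf '%s\n' "$1" | awk '$1 == "PASS_MAX_DAYS" { print $2; exit }')
    warn=$(printf '%s\n' "$1" | awk '$1 == "PASS_WARN_AGE" { print $2; exit }')
    { at_least "$max" 1 && at_most "$max" 90; } || { echo "WEAK PASS_MAX_DAYS=${max:-unset}"; rc=1; }
    at_least "$warn" 7 || { echo "WEAK PASS_WARN_AGE=${warn:-unset}"; rc=1; }
    return "$rc"
}

# Constructed sample (not from a real host): a cracklib line that lacks minlen.
SAMPLE_PAM='password requisite pam_cracklib.so try_first_pass retry=3 difok=5 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1
password sufficient pam_unix.so use_authtok sha512 shadow remember=5'
check_pam "$SAMPLE_PAM" || echo "policy not met"
```

The checks read only the configuration text; per-account aging on existing users still has to be reviewed with chage -l.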