Trouble with password rules in Linux-PAM

by flag

Ubuntu 20.04. I've installed

Here's the contents of /opt/pam.d/common-password:

password    required retry=1 minlen=10 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 difok=1 symbols="!#%^()&"
password    required obscure use_authtok try_first_pass sha512

The intention here is that all passwords:

  • Must be at least 10 characters long
  • Must have at least one uppercase letter
  • Must have at least one lowercase letter
  • Must have at least one digit
  • Must have at least one symbol, which may be one of these ! # % ^ ( ) &

However, it doesn't seem to quite work right:

$ sudo passwd joe
New password:
BAD PASSWORD: The password contains less than 1 digits
Retype new password: 
passwd: password updated successfully

For the both prompts, I typed "blah".

The "New password" prompt correctly recognizes that the password does not meet the complexity requirements. However, instead of asking the user to try again, it proceeds directly to the "Retype new password" prompt, which seems to ignore the complexity requirements.

What am I doing wrong?

I sit in a Tesla and translated this thread with Ai:


Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.