Linux Password Policy

Hi Expert,

I am not very expert in Linux so please advise me.

I have Oracle Linux 7.6 (Unbreakable) and wanted to configure a password policy according to my organization, therefore I have altered three files: 1. Login.defs 2. Pwquality.conf 3. system-auth.

In Login.defs I have changed the value



minlen = 9
minclass = 2
minrepeat = 2


Added line after Password sufficient remember=3

Problem :

  1. When I tried to create a user after applying the changes, from root I can set a password of 7 characters, also without a special character, so does that mean the policy is not working?

  2. When I ran the command chage -l user1 (created before applying the changes) it shows default values, however when I ran the same command on user5, which I created after applying the changes, it shows my applicable values.

Please correct me on what I did wrong in this configuration.


I expect it to be the same as/similar to RHEL/CentOS, but there seems to be a slightly different process for ROOT - check out Oracle Document 2320972.1

“The scope of this document is to configure password complexity for all the users, including root.”

FYI - the normal user process seems to be here:

“This document describes the PAM pam_cracklib credit system in relation to Linux PAM password complexity.”

You’ll need to create a (free) account…

Thanks for your response.

Actually, my query is to implement a complete password policy.

Password Policy is implemented, but I got an error when the user is prompted for an error.

login as: user5
[email protected]’s password:
You are required to change your password immediately (password aged)
Last login: Wed Sep 15 11:12:36 2021 from

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user user5.
Changing password for user5.
(current) UNIX password:
passwd: Authentication token manipulation error


Reading a few things, the error sounds like it is due to a config error - is anything reaching the logs?

This page suggests that there are setup differences between DEB and RPM systems (like OL) - so, it may be worth a double check.

But… if you can undo your changes, and reimplement each in turn, you may be able to identify the cause and also gain confidence in the changes you’re making.

Let us know how you get on…
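
An added example, not part of the thread or of the Oracle documents it cites: a read-only Bash check for the symptoms raised in the question, run here on constructed copies of the files. It relies on pam_pwquality rejecting a weak password set by root only when its PAM line carries `enforce_for_root`, on `login.defs` aging values being applied when an account is created, and on `minrepeat` not being an option name in pwquality.conf(5) (`maxrepeat` is). The function names, the sample hashes and `PASS_MAX_DAYS 90` are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: read-only checks; file paths are arguments so copies can be audited.

# Option names from pwquality.conf(5), including ones added in newer releases.
KNOWN_PWQ="difok minlen dcredit ucredit lcredit ocredit minclass maxrepeat"
KNOWN_PWQ="$KNOWN_PWQ maxclassrepeat maxsequence gecoscheck dictcheck usercheck"
KNOWN_PWQ="$KNOWN_PWQ usersubstr enforcing badwords dictpath retry enforce_for_root local_users_only"

# Print keys in a pwquality.conf-style file that are not recognised option names.
unknown_pwq_keys() {
    awk -F'=' -v known="$KNOWN_PWQ" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*(#|$)/ { next }
        { key = $1; gsub(/[ \t]/, "", key); if (!(key in ok)) print key }
    ' "$1"
}

# Succeed only if the pam_pwquality password line carries enforce_for_root.
root_is_enforced() {
    grep -Eq '^[[:space:]]*password[[:space:]].*pam_pwquality\.so.*enforce_for_root' "$1"
}

# Print accounts with a usable password whose max age (shadow field 5) differs
# from PASS_MAX_DAYS; existing accounts keep the value they were created with.
aging_drift() {  # $1 = login.defs, $2 = shadow
    local max
    max=$(awk '$1 == "PASS_MAX_DAYS" { print $2 }' "$1")
    awk -F: -v max="$max" '$2 !~ /^[!*]/ && $2 != "" && $5 != max { print $1 }' "$2"
}

# Constructed sample files mirroring the thread's settings (values are illustrative).
make_sample() {
    printf 'minlen = 9\nminclass = 2\nminrepeat = 2\n' > "$1/pwquality.conf"
    printf 'PASS_MAX_DAYS\t90\n' > "$1/login.defs"
    cat > "$1/system-auth" <<'EOF'
password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3
password    sufficient    pam_unix.so sha512 shadow try_first_pass use_authtok remember=3
EOF
    cat > "$1/shadow" <<'EOF'
user1:$6$constructed$hash:18800:0:99999:7:::
user5:$6$constructed$hash:18800:0:90:7:::
daemon:*:18800:0:99999:7:::
EOF
}

# Demo on the constructed files; on a real host pass the files under /etc instead.
d=$(mktemp -d) && make_sample "$d"
unknown_pwq_keys "$d/pwquality.conf"
root_is_enforced "$d/system-auth" || echo "pam_pwquality does not enforce for root"
aging_drift "$d/login.defs" "$d/shadow"
```

For an account that `aging_drift` reports, `chage -M <days> <user>` brings the existing entry in line with the new `login.defs` value.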