A Linux system administrator wants to enforce strong password policies on the system. They plan to implement password complexity requirements that include a minimum length of 10 characters, at least one uppercase and one lowercase letter, and at least one digit or special character. Which of the following tools should the administrator configure to meet these requirements?
Edit the /etc/login.defs file to include the minimum length password requirement without parameters for complexity.
Use the chage command to set password expiration and enforce the new strong password policy.
Configure the PAM module pam_pwquality.so to include password strength requirements in /etc/security/pwquality.conf or similar.
Use the passwd command to enforce stronger passwords when users change their passwords next time.
PAM, or Pluggable Authentication Modules, are used in Linux environments to integrate multiple low-level authentication schemes into a high-level API that allows for programs that rely on authentication to be written independently of the underlying authentication mechanism. By configuring the PAM module responsible for password quality control, typically pam_pwquality.so, the administrator can enforce password strength policies. The configurations can include requirements for different character classes, minimum length, and other password policies. The other options, such as chage, passwd, and faillock, do not directly allow an administrator to enforce password strength requirements, as they serve different purposes in user account and password management.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is PAM and why is it important for password policies?
Open an interactive chat with Bash
What specific settings can be configured in `/etc/security/pwquality.conf`?
Open an interactive chat with Bash
How does the `chage` command relate to password policies?