I know that it is a "bad" idea, I know that it is not secure, I know. I searched the net for an answer and all I saw was whining that it's not good. But I like using Linux because it lets me make the system I want and like to use. The end of intro.
I try to change password:
user:~% passwd
Changing password for user.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
You must choose a longer password
If I try sudo passwd user then I can set any password I want so I don't need password complexity checks for passwd on my system.
After googling I've found that there should be PAM module pam_cracklib that tests password for complexity and it can be configured. But my PAM password settings doesn't include pam_cracklib:
% cat /etc/pam.d/passwd | grep '^[^#]'
@include common-password
% cat /etc/pam.d/common-password | grep '^[^#]'
password [success=1 default=ignore] pam_unix.so obscure sha512
password requisite pam_deny.so
password required pam_permit.so
password optional pam_gnome_keyring.so
I guess that pam_unix makes this test... Oops... Guys, the moment I finished to write this sentence I've got an enlightenment and typed man pam_unix in terminal
where I've found needed options for pam_unix module.
I just removed option obscure and added minlen=1 and now I'm happy. So now I have this line in /etc/pam.d/common-password:
password [success=1 default=ignore] pam_unix.so minlen=1 sha512
and I can set any password.
I decided to keep this post for people who might need this solution also.
Ok, I will answer my question :)
I've found that
pam_unixmodule performs password complexity check and it can be configured.man pam_unix:Solution:
Alter the line in the
pam_unixmodule in the/etc/pam.d/common-passwordfile to:It allows you to set any password with minimal length of 1.
If it is a once off, using the passwd command as root you can set a simple password for a user by simply entering the desired value, and then enter the password two times at the prompts.
Open the
common-passwordconfig file for editing:Comment this line by adding the
#character to the front as shown:Also comment this line, otherwise password setting will ask you to pass a mix of upper/lower case letters:
Now just add this line into the same file:
this should do it...
For me on Ubuntu 21.04 in
/etc/pam.d/common-passwordfile:password requisite pam_pwquality.so retry=3Change next line from
to
I tried ALL of the methods on a machine with a strange and very strict installation using a manipulation resistant PAM.
On this machine, none of the tricks above helped to change the password of a local account (without windows domain) to some new value. The PAM rules always kicked in, even when using sudo passwd
Changes on the /etc/pam.d/common-password resulted in passwd failing alltogether due to 'manipulation error'.
My solution to it was to set the password on another machine on which I also have root access, then copy/paste the hashed value from the /etc/shadow from that machine to the other simply using sudo vi /etc/shadow . The strict PAM did not block that, and it works. (yes, I know it also copies the salt)