Home / ubuntu / Questions / 180402
In Process
Lei Ming
Asked: 2012-08-26 10:30:06 +0800 CST

How to set a short password on Ubuntu?

  • 772

When I install the Ubuntu, I set a short password(<4). Now I want to change the other short password by "passwd" or change passphrase on "Password and Keys" program, it needs a password >4 char.

password

6 Answers

  1. Use following command in Terminal:

    sudo passwd <user>

    Replace <user> with the username whose password you wish to change.

    This works because passwd suppresses all checks for length or entropy when you use it as the root user.

    Warning: if the target user has an encrypted home directory, this will cause problems! (see comments below)

    • 256

  2. By default, Ubuntu requires a minimum password length of 6 characters, as well as some basic entropy checks. These values are controlled in the file /etc/pam.d/common-password, which is outlined below.

    password        [success=2 default=ignore]      pam_unix.so obscure sha512

    If you would like to adjust the minimum length to 4 characters, add the appropriate variable (minlen=4) to the end of the line. The modification is outlined below.

    password        [success=2 default=ignore]      pam_unix.so obscure sha512 minlen=4

    Source.

    • 39

  3. Bring up a terminal and edit /etc/pam.d/common-password

    Change this line:

    password    [success=1 default=ignore]  pam_unix.so obscure sha512

    to:

    password    [success=1 default=ignore]  pam_unix.so obscure sha512 minlen=4

    Password also need a certain amount of complexity, as specified by the obscure parameter above.

    password    [success=1 default=ignore]  pam_unix.so minlen=2 sha512

    removes that check also.

    This all presupposes that you think this is wise.

    See man pam_unix

    These work on my system.

    • 27

  4. In Ubuntu 18.04 none of other solutions worked for me. I had to replace both of these lines:

    password    requisite                   pam_cracklib.so retry=3 minlen=8 difok=3 dcredit=-1 enforce_for_root lcredit=-1 ocredit=-1 reject_username ucredit=-1
password    [success=1 default=ignore]  pam_unix.so obscure use_authtok try_first_pass sha512

    in /etc/pam.d/common-password with:

    password    [success=1 default=ignore]  pam_unix.so minlen=2 sha512

    These changes let me changed my password easily and after changing password I restored file to it's original form.

    • 6

  5. To set up a simple password, I tried the simple sudo passwd username method, but it failed on my Ubuntu Server 12.04 LTS.

    So I tried to remove the obscure option from /etc/pam.d/common-passwd config file, but it still failed.

    So I also removed the obscure option from /usr/share/pam-configs/unix config file. And then it worked :-)

    I do agree that it should be simplier, when acting as su to set up a weak password, whatever the reason why one wants to do it! A warning saying "weak password, confirm?" would be perfect...

    • 4

  6. This can be done with PAM pwdfile module.

    The way described here changes only the desktop login (lightdm service), but can be applied to other services as well if you wish.

    Also, this allows you to have your original strong password for "sudo", while maintaining a fairly easy way to login to Ubuntu desktop.

    Commands can be issued in the terminal program.

    Installing the software

    First, we install a software package named libpam-pwdfile:

    sudo apt-get install libpam-pwdfile

    Creating the user-password file

    We will then create the user/password file. You will be prompted to enter a new PIN password. Your password will be encrypted and saved to a file named passwd.like

    pinpass=$(mkpasswd -5)
echo "$pinpass" | sudo tee /etc/passwd.like

    Alternatively, you may use: openssl passwd -1 yourpinpasswordhere and create a file named /etc/passwd.like and that password.

    Setting up the desktop login service

    The next step is to prepare the desktop login service to accept the PIN password before other password procedures. I've mentioned already the name of the desktop login service, lightdm.

    Take a look at the file:

    cat /etc/pam.d/lightdm

    If you don't have this file, then your desktop (login) service is a different one, and you should find your desktop manager before going further. As explained before, this guide is for Ubuntu 16.04 but can be used for other login services as well.

    It could be useful if you also create a backup:

    sudo cp /etc/pam.d/lightdm /etc/pam.d/lightdm.backup

    Now, you may edit the file using nano or gedit or any other text editor:

    sudo gedit /etc/pam.d/lightdm

    At the top of the file mine had:

    #%PAM-1.0
auth    requisite       pam_nologin.so
auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth

    I have modified it like so:

    #%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
auth required pam_pwdfile.so pwdfile=/etc/passwd.like
auth required pam_permit.so
#@include common-auth

    Save the file and close your text editor.

    Log out and log back in.

    You should be able to use the PIN password you set. By following this guide, the PIN password is only used for the desktop login service, not for the password of sudo commands.

    Source: http://blog.radevic.com/2017/11/how-to-set-pin-password-or-short.html

    • 2