How to set a short password on Ubuntu?
When I install the Ubuntu, I set a short password(<4). Now I want to change the other short password by "passwd" or change passphrase on "Password and Keys" program, it needs a password >4 char.
password
add a comment |
When I install the Ubuntu, I set a short password(<4). Now I want to change the other short password by "passwd" or change passphrase on "Password and Keys" program, it needs a password >4 char.
password
2
Why do u want to set a short password? That is not safe, try you change the password from root account even if you forced to do.
– karthick87
Aug 25 '12 at 18:48
14
@karthick87 because my home computer is not Fort Knox. If strangers are messing with my desktop then I have bigger concerns than my computer.
– Torben Gundtofte-Bruun
Sep 18 '13 at 18:24
2
@karthick87 Why a short password? Ubuntu might run as a virtual machine and your virtualization software lacks copy and paste functionality for the command line of Linux guests (like Parallels desktop for Mac 8.0 does miss), then you want to access Ubuntu with a short password, or even better without a password at all.
– Pro Backup
Feb 12 '14 at 10:08
@karthick87 Fixing the parameters of what a password should be like, makes a password easier to guess and therefore less secure.
– DustWolf
Dec 9 '16 at 13:16
add a comment |
When I install the Ubuntu, I set a short password(<4). Now I want to change the other short password by "passwd" or change passphrase on "Password and Keys" program, it needs a password >4 char.
password
When I install the Ubuntu, I set a short password(<4). Now I want to change the other short password by "passwd" or change passphrase on "Password and Keys" program, it needs a password >4 char.
password
password
asked Aug 25 '12 at 18:30
Lei MingLei Ming
554145
554145
2
Why do u want to set a short password? That is not safe, try you change the password from root account even if you forced to do.
– karthick87
Aug 25 '12 at 18:48
14
@karthick87 because my home computer is not Fort Knox. If strangers are messing with my desktop then I have bigger concerns than my computer.
– Torben Gundtofte-Bruun
Sep 18 '13 at 18:24
2
@karthick87 Why a short password? Ubuntu might run as a virtual machine and your virtualization software lacks copy and paste functionality for the command line of Linux guests (like Parallels desktop for Mac 8.0 does miss), then you want to access Ubuntu with a short password, or even better without a password at all.
– Pro Backup
Feb 12 '14 at 10:08
@karthick87 Fixing the parameters of what a password should be like, makes a password easier to guess and therefore less secure.
– DustWolf
Dec 9 '16 at 13:16
add a comment |
2
Why do u want to set a short password? That is not safe, try you change the password from root account even if you forced to do.
– karthick87
Aug 25 '12 at 18:48
14
@karthick87 because my home computer is not Fort Knox. If strangers are messing with my desktop then I have bigger concerns than my computer.
– Torben Gundtofte-Bruun
Sep 18 '13 at 18:24
2
@karthick87 Why a short password? Ubuntu might run as a virtual machine and your virtualization software lacks copy and paste functionality for the command line of Linux guests (like Parallels desktop for Mac 8.0 does miss), then you want to access Ubuntu with a short password, or even better without a password at all.
– Pro Backup
Feb 12 '14 at 10:08
@karthick87 Fixing the parameters of what a password should be like, makes a password easier to guess and therefore less secure.
– DustWolf
Dec 9 '16 at 13:16
2
2
Why do u want to set a short password? That is not safe, try you change the password from root account even if you forced to do.
– karthick87
Aug 25 '12 at 18:48
Why do u want to set a short password? That is not safe, try you change the password from root account even if you forced to do.
– karthick87
Aug 25 '12 at 18:48
14
14
@karthick87 because my home computer is not Fort Knox. If strangers are messing with my desktop then I have bigger concerns than my computer.
– Torben Gundtofte-Bruun
Sep 18 '13 at 18:24
@karthick87 because my home computer is not Fort Knox. If strangers are messing with my desktop then I have bigger concerns than my computer.
– Torben Gundtofte-Bruun
Sep 18 '13 at 18:24
2
2
@karthick87 Why a short password? Ubuntu might run as a virtual machine and your virtualization software lacks copy and paste functionality for the command line of Linux guests (like Parallels desktop for Mac 8.0 does miss), then you want to access Ubuntu with a short password, or even better without a password at all.
– Pro Backup
Feb 12 '14 at 10:08
@karthick87 Why a short password? Ubuntu might run as a virtual machine and your virtualization software lacks copy and paste functionality for the command line of Linux guests (like Parallels desktop for Mac 8.0 does miss), then you want to access Ubuntu with a short password, or even better without a password at all.
– Pro Backup
Feb 12 '14 at 10:08
@karthick87 Fixing the parameters of what a password should be like, makes a password easier to guess and therefore less secure.
– DustWolf
Dec 9 '16 at 13:16
@karthick87 Fixing the parameters of what a password should be like, makes a password easier to guess and therefore less secure.
– DustWolf
Dec 9 '16 at 13:16
add a comment |
7 Answers
7
active
oldest
votes
Use following command in Terminal:
sudo passwd <user>
Replace <user>
with the username whose password you wish to change.
This works because passwd
suppresses all checks for length or entropy when you use it as the root user.
Warning: if the target user has an encrypted home directory, this will
cause problems!
(see comments below)
1
This does not work. It does not provide the information required.
– NlightNFotis
Aug 25 '12 at 19:17
25
It does work. If you are root it will not force you to fallow the password strength requirements.
– user72421
Aug 25 '12 at 19:56
3
This works fine for me. I'm able to set a user's password toa
using this method, on an Ubuntu 12.04 LTS system.
– Eliah Kagan
Sep 8 '12 at 1:35
10
This will cause problems when you have an encrypted home directory, as it breaks the automatic decryption of theecryptfs
passphrase.
– guntbert
Jan 16 '14 at 22:37
3
@guntbert is right: Forcing the password this way the user won't be able to login again if his/her home directory is encrypted, so this is not the right solution in these cases.
– fuenfundachtzig
Aug 28 '14 at 8:55
|
show 4 more comments
By default, Ubuntu requires a minimum password length of 6 characters, as well as some basic entropy checks. These values are controlled in the file /etc/pam.d/common-password, which is outlined below.
password [success=2 default=ignore] pam_unix.so obscure sha512
If you would like to adjust the minimum length to 4 characters, add the appropriate variable (minlen=4) to the end of the line. The modification is outlined below.
password [success=2 default=ignore] pam_unix.so obscure sha512 minlen=4
Source.
1
I couldn't get min= to work and it doesn't match the man page, despite the Wiki page. Seems to be minlen=
– John S Gruber
Aug 25 '12 at 19:42
2
remove "obscure" for also disable complexity check
– Pisu
Jul 3 '13 at 8:38
4
sudo passwd user
seems more useful
– gyozo kudor
Mar 3 '14 at 14:50
add a comment |
Bring up a terminal and edit /etc/pam.d/common-password
Change this line:
password [success=1 default=ignore] pam_unix.so obscure sha512
to:
password [success=1 default=ignore] pam_unix.so obscure sha512 minlen=4
Password also need a certain amount of complexity, as specified by the obscure parameter above.
password [success=1 default=ignore] pam_unix.so minlen=2 sha512
removes that check also.
This all presupposes that you think this is wise.
See man pam_unix
These work on my system.
this works for ubuntu12.04
– David
May 23 '13 at 14:37
valid for 13.04 too
– Torben Gundtofte-Bruun
Sep 18 '13 at 18:33
valid for 15.10 (Wily), too.
– kmonsoor
Jul 22 '16 at 13:29
add a comment |
This can be done with PAM pwdfile module.
The way described here changes only the desktop login (lightdm service), but can be applied to other services as well if you wish.
Also, this allows you to have your original strong password for "sudo", while maintaining a fairly easy way to login to Ubuntu desktop.
Commands can be issued in the terminal program.
Installing the software
First, we install a software package named libpam-pwdfile
:
sudo apt-get install libpam-pwdfile
Creating the user-password file
We will then create the user/password file. You will be prompted to enter a new PIN password. Your password will be encrypted and saved to a file named passwd.like
pinpass=$(mkpasswd -5)
echo "$pinpass" | sudo tee /etc/passwd.like
Alternatively, you may use: openssl passwd -1 yourpinpasswordhere
and create a file named /etc/passwd.like and that password.
Setting up the desktop login service
The next step is to prepare the desktop login service to accept the PIN password before other password procedures. I've mentioned already the name of the desktop login service, lightdm
.
Take a look at the file:
cat /etc/pam.d/lightdm
If you don't have this file, then your desktop (login) service is a different one, and you should find your desktop manager before going further. As explained before, this guide is for Ubuntu 16.04 but can be used for other login services as well.
It could be useful if you also create a backup:
sudo cp /etc/pam.d/lightdm /etc/pam.d/lightdm.backup
Now, you may edit the file using nano or gedit or any other text editor:
sudo gedit /etc/pam.d/lightdm
At the top of the file mine had:
#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
I have modified it like so:
#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
auth required pam_pwdfile.so pwdfile=/etc/passwd.like
auth required pam_permit.so
#@include common-auth
Save the file and close your text editor.
Log out and log back in.
You should be able to use the PIN password you set. By following this guide, the PIN password is only used for the desktop login service, not for the password of sudo commands.
Source: http://blog.radevic.com/2017/11/how-to-set-pin-password-or-short.html
1
interesting stuff. Can you please look at the related question that I just posted right after your answer, accidentally? Thanks.
– Miladiouss
Feb 1 '18 at 8:17
add a comment |
You can also use the -f option.
$passwd -f username
Changing password for user username.
New password:
Retype new password:
add a comment |
To set up a simple password, I tried the simple sudo passwd username
method, but it failed on my Ubuntu Server 12.04 LTS.
So I tried to remove the obscure
option from /etc/pam.d/common-passwd
config file, but it still failed.
So I also removed the obscure
option from /usr/share/pam-configs/unix
config file. And then it worked :-)
I do agree that it should be simplier, when acting as su
to set up a weak password, whatever the reason why one wants to do it! A warning saying "weak password, confirm?" would be perfect...
Narrow minded people have given negative votes on this excellent answer. The reference to "obscure" in /usr/share/pam-configs/unix is very important and relevant to some situations. Just because it doesn't work for you doesn't mean it's not a good answer. Lighten up on the negative votes guys and welcome someone with a viewpoint that's different than yours! You might be better informed at the end of the day.
– LMSingh
Mar 8 '17 at 3:21
In support of user171987's answer read the page at wiki.ubuntu.com/PAMConfigFrameworkSpec#config_file_format . It shows how the PAM configuration works and explains the profiles and their usage. The folder pam-configs holds various configurations and "unix" is just one of them.
– LMSingh
Mar 8 '17 at 3:30
On Ubuntu 18, it looks like it's sufficient to simply remove the 'obscure' option from /etc/pam.d/common-passwd -- there's no need to overly complicate things by also editing /usr/share/pam-configs/unix
– Gino
Dec 17 '17 at 19:45
add a comment |
In Ubuntu 18.04 none of other solutions worked for me. I had to replace both of these lines:
password requisite pam_cracklib.so retry=3 minlen=8 difok=3 dcredit=-1 enforce_for_root lcredit=-1 ocredit=-1 reject_username ucredit=-1
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
in /etc/pam.d/common-password
with:
password [success=1 default=ignore] pam_unix.so minlen=2 sha512
These changes let me changed my password easily and after changing password I restored file to it's original form.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f180402%2fhow-to-set-a-short-password-on-ubuntu%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
7 Answers
7
active
oldest
votes
7 Answers
7
active
oldest
votes
active
oldest
votes
active
oldest
votes
Use following command in Terminal:
sudo passwd <user>
Replace <user>
with the username whose password you wish to change.
This works because passwd
suppresses all checks for length or entropy when you use it as the root user.
Warning: if the target user has an encrypted home directory, this will
cause problems!
(see comments below)
1
This does not work. It does not provide the information required.
– NlightNFotis
Aug 25 '12 at 19:17
25
It does work. If you are root it will not force you to fallow the password strength requirements.
– user72421
Aug 25 '12 at 19:56
3
This works fine for me. I'm able to set a user's password toa
using this method, on an Ubuntu 12.04 LTS system.
– Eliah Kagan
Sep 8 '12 at 1:35
10
This will cause problems when you have an encrypted home directory, as it breaks the automatic decryption of theecryptfs
passphrase.
– guntbert
Jan 16 '14 at 22:37
3
@guntbert is right: Forcing the password this way the user won't be able to login again if his/her home directory is encrypted, so this is not the right solution in these cases.
– fuenfundachtzig
Aug 28 '14 at 8:55
|
show 4 more comments
Use following command in Terminal:
sudo passwd <user>
Replace <user>
with the username whose password you wish to change.
This works because passwd
suppresses all checks for length or entropy when you use it as the root user.
Warning: if the target user has an encrypted home directory, this will
cause problems!
(see comments below)
1
This does not work. It does not provide the information required.
– NlightNFotis
Aug 25 '12 at 19:17
25
It does work. If you are root it will not force you to fallow the password strength requirements.
– user72421
Aug 25 '12 at 19:56
3
This works fine for me. I'm able to set a user's password toa
using this method, on an Ubuntu 12.04 LTS system.
– Eliah Kagan
Sep 8 '12 at 1:35
10
This will cause problems when you have an encrypted home directory, as it breaks the automatic decryption of theecryptfs
passphrase.
– guntbert
Jan 16 '14 at 22:37
3
@guntbert is right: Forcing the password this way the user won't be able to login again if his/her home directory is encrypted, so this is not the right solution in these cases.
– fuenfundachtzig
Aug 28 '14 at 8:55
|
show 4 more comments
Use following command in Terminal:
sudo passwd <user>
Replace <user>
with the username whose password you wish to change.
This works because passwd
suppresses all checks for length or entropy when you use it as the root user.
Warning: if the target user has an encrypted home directory, this will
cause problems!
(see comments below)
Use following command in Terminal:
sudo passwd <user>
Replace <user>
with the username whose password you wish to change.
This works because passwd
suppresses all checks for length or entropy when you use it as the root user.
Warning: if the target user has an encrypted home directory, this will
cause problems!
(see comments below)
edited Apr 13 '17 at 12:24
Community♦
1
1
answered Aug 25 '12 at 19:08
user72421user72421
2,301188
2,301188
1
This does not work. It does not provide the information required.
– NlightNFotis
Aug 25 '12 at 19:17
25
It does work. If you are root it will not force you to fallow the password strength requirements.
– user72421
Aug 25 '12 at 19:56
3
This works fine for me. I'm able to set a user's password toa
using this method, on an Ubuntu 12.04 LTS system.
– Eliah Kagan
Sep 8 '12 at 1:35
10
This will cause problems when you have an encrypted home directory, as it breaks the automatic decryption of theecryptfs
passphrase.
– guntbert
Jan 16 '14 at 22:37
3
@guntbert is right: Forcing the password this way the user won't be able to login again if his/her home directory is encrypted, so this is not the right solution in these cases.
– fuenfundachtzig
Aug 28 '14 at 8:55
|
show 4 more comments
1
This does not work. It does not provide the information required.
– NlightNFotis
Aug 25 '12 at 19:17
25
It does work. If you are root it will not force you to fallow the password strength requirements.
– user72421
Aug 25 '12 at 19:56
3
This works fine for me. I'm able to set a user's password toa
using this method, on an Ubuntu 12.04 LTS system.
– Eliah Kagan
Sep 8 '12 at 1:35
10
This will cause problems when you have an encrypted home directory, as it breaks the automatic decryption of theecryptfs
passphrase.
– guntbert
Jan 16 '14 at 22:37
3
@guntbert is right: Forcing the password this way the user won't be able to login again if his/her home directory is encrypted, so this is not the right solution in these cases.
– fuenfundachtzig
Aug 28 '14 at 8:55
1
1
This does not work. It does not provide the information required.
– NlightNFotis
Aug 25 '12 at 19:17
This does not work. It does not provide the information required.
– NlightNFotis
Aug 25 '12 at 19:17
25
25
It does work. If you are root it will not force you to fallow the password strength requirements.
– user72421
Aug 25 '12 at 19:56
It does work. If you are root it will not force you to fallow the password strength requirements.
– user72421
Aug 25 '12 at 19:56
3
3
This works fine for me. I'm able to set a user's password to
a
using this method, on an Ubuntu 12.04 LTS system.– Eliah Kagan
Sep 8 '12 at 1:35
This works fine for me. I'm able to set a user's password to
a
using this method, on an Ubuntu 12.04 LTS system.– Eliah Kagan
Sep 8 '12 at 1:35
10
10
This will cause problems when you have an encrypted home directory, as it breaks the automatic decryption of the
ecryptfs
passphrase.– guntbert
Jan 16 '14 at 22:37
This will cause problems when you have an encrypted home directory, as it breaks the automatic decryption of the
ecryptfs
passphrase.– guntbert
Jan 16 '14 at 22:37
3
3
@guntbert is right: Forcing the password this way the user won't be able to login again if his/her home directory is encrypted, so this is not the right solution in these cases.
– fuenfundachtzig
Aug 28 '14 at 8:55
@guntbert is right: Forcing the password this way the user won't be able to login again if his/her home directory is encrypted, so this is not the right solution in these cases.
– fuenfundachtzig
Aug 28 '14 at 8:55
|
show 4 more comments
By default, Ubuntu requires a minimum password length of 6 characters, as well as some basic entropy checks. These values are controlled in the file /etc/pam.d/common-password, which is outlined below.
password [success=2 default=ignore] pam_unix.so obscure sha512
If you would like to adjust the minimum length to 4 characters, add the appropriate variable (minlen=4) to the end of the line. The modification is outlined below.
password [success=2 default=ignore] pam_unix.so obscure sha512 minlen=4
Source.
1
I couldn't get min= to work and it doesn't match the man page, despite the Wiki page. Seems to be minlen=
– John S Gruber
Aug 25 '12 at 19:42
2
remove "obscure" for also disable complexity check
– Pisu
Jul 3 '13 at 8:38
4
sudo passwd user
seems more useful
– gyozo kudor
Mar 3 '14 at 14:50
add a comment |
By default, Ubuntu requires a minimum password length of 6 characters, as well as some basic entropy checks. These values are controlled in the file /etc/pam.d/common-password, which is outlined below.
password [success=2 default=ignore] pam_unix.so obscure sha512
If you would like to adjust the minimum length to 4 characters, add the appropriate variable (minlen=4) to the end of the line. The modification is outlined below.
password [success=2 default=ignore] pam_unix.so obscure sha512 minlen=4
Source.
1
I couldn't get min= to work and it doesn't match the man page, despite the Wiki page. Seems to be minlen=
– John S Gruber
Aug 25 '12 at 19:42
2
remove "obscure" for also disable complexity check
– Pisu
Jul 3 '13 at 8:38
4
sudo passwd user
seems more useful
– gyozo kudor
Mar 3 '14 at 14:50
add a comment |
By default, Ubuntu requires a minimum password length of 6 characters, as well as some basic entropy checks. These values are controlled in the file /etc/pam.d/common-password, which is outlined below.
password [success=2 default=ignore] pam_unix.so obscure sha512
If you would like to adjust the minimum length to 4 characters, add the appropriate variable (minlen=4) to the end of the line. The modification is outlined below.
password [success=2 default=ignore] pam_unix.so obscure sha512 minlen=4
Source.
By default, Ubuntu requires a minimum password length of 6 characters, as well as some basic entropy checks. These values are controlled in the file /etc/pam.d/common-password, which is outlined below.
password [success=2 default=ignore] pam_unix.so obscure sha512
If you would like to adjust the minimum length to 4 characters, add the appropriate variable (minlen=4) to the end of the line. The modification is outlined below.
password [success=2 default=ignore] pam_unix.so obscure sha512 minlen=4
Source.
edited Aug 25 '12 at 19:48
answered Aug 25 '12 at 19:17
NlightNFotisNlightNFotis
2,26011126
2,26011126
1
I couldn't get min= to work and it doesn't match the man page, despite the Wiki page. Seems to be minlen=
– John S Gruber
Aug 25 '12 at 19:42
2
remove "obscure" for also disable complexity check
– Pisu
Jul 3 '13 at 8:38
4
sudo passwd user
seems more useful
– gyozo kudor
Mar 3 '14 at 14:50
add a comment |
1
I couldn't get min= to work and it doesn't match the man page, despite the Wiki page. Seems to be minlen=
– John S Gruber
Aug 25 '12 at 19:42
2
remove "obscure" for also disable complexity check
– Pisu
Jul 3 '13 at 8:38
4
sudo passwd user
seems more useful
– gyozo kudor
Mar 3 '14 at 14:50
1
1
I couldn't get min= to work and it doesn't match the man page, despite the Wiki page. Seems to be minlen=
– John S Gruber
Aug 25 '12 at 19:42
I couldn't get min= to work and it doesn't match the man page, despite the Wiki page. Seems to be minlen=
– John S Gruber
Aug 25 '12 at 19:42
2
2
remove "obscure" for also disable complexity check
– Pisu
Jul 3 '13 at 8:38
remove "obscure" for also disable complexity check
– Pisu
Jul 3 '13 at 8:38
4
4
sudo passwd user
seems more useful– gyozo kudor
Mar 3 '14 at 14:50
sudo passwd user
seems more useful– gyozo kudor
Mar 3 '14 at 14:50
add a comment |
Bring up a terminal and edit /etc/pam.d/common-password
Change this line:
password [success=1 default=ignore] pam_unix.so obscure sha512
to:
password [success=1 default=ignore] pam_unix.so obscure sha512 minlen=4
Password also need a certain amount of complexity, as specified by the obscure parameter above.
password [success=1 default=ignore] pam_unix.so minlen=2 sha512
removes that check also.
This all presupposes that you think this is wise.
See man pam_unix
These work on my system.
this works for ubuntu12.04
– David
May 23 '13 at 14:37
valid for 13.04 too
– Torben Gundtofte-Bruun
Sep 18 '13 at 18:33
valid for 15.10 (Wily), too.
– kmonsoor
Jul 22 '16 at 13:29
add a comment |
Bring up a terminal and edit /etc/pam.d/common-password
Change this line:
password [success=1 default=ignore] pam_unix.so obscure sha512
to:
password [success=1 default=ignore] pam_unix.so obscure sha512 minlen=4
Password also need a certain amount of complexity, as specified by the obscure parameter above.
password [success=1 default=ignore] pam_unix.so minlen=2 sha512
removes that check also.
This all presupposes that you think this is wise.
See man pam_unix
These work on my system.
this works for ubuntu12.04
– David
May 23 '13 at 14:37
valid for 13.04 too
– Torben Gundtofte-Bruun
Sep 18 '13 at 18:33
valid for 15.10 (Wily), too.
– kmonsoor
Jul 22 '16 at 13:29
add a comment |
Bring up a terminal and edit /etc/pam.d/common-password
Change this line:
password [success=1 default=ignore] pam_unix.so obscure sha512
to:
password [success=1 default=ignore] pam_unix.so obscure sha512 minlen=4
Password also need a certain amount of complexity, as specified by the obscure parameter above.
password [success=1 default=ignore] pam_unix.so minlen=2 sha512
removes that check also.
This all presupposes that you think this is wise.
See man pam_unix
These work on my system.
Bring up a terminal and edit /etc/pam.d/common-password
Change this line:
password [success=1 default=ignore] pam_unix.so obscure sha512
to:
password [success=1 default=ignore] pam_unix.so obscure sha512 minlen=4
Password also need a certain amount of complexity, as specified by the obscure parameter above.
password [success=1 default=ignore] pam_unix.so minlen=2 sha512
removes that check also.
This all presupposes that you think this is wise.
See man pam_unix
These work on my system.
edited Aug 25 '12 at 19:41
answered Aug 25 '12 at 19:33
John S GruberJohn S Gruber
11.6k32959
11.6k32959
this works for ubuntu12.04
– David
May 23 '13 at 14:37
valid for 13.04 too
– Torben Gundtofte-Bruun
Sep 18 '13 at 18:33
valid for 15.10 (Wily), too.
– kmonsoor
Jul 22 '16 at 13:29
add a comment |
this works for ubuntu12.04
– David
May 23 '13 at 14:37
valid for 13.04 too
– Torben Gundtofte-Bruun
Sep 18 '13 at 18:33
valid for 15.10 (Wily), too.
– kmonsoor
Jul 22 '16 at 13:29
this works for ubuntu12.04
– David
May 23 '13 at 14:37
this works for ubuntu12.04
– David
May 23 '13 at 14:37
valid for 13.04 too
– Torben Gundtofte-Bruun
Sep 18 '13 at 18:33
valid for 13.04 too
– Torben Gundtofte-Bruun
Sep 18 '13 at 18:33
valid for 15.10 (Wily), too.
– kmonsoor
Jul 22 '16 at 13:29
valid for 15.10 (Wily), too.
– kmonsoor
Jul 22 '16 at 13:29
add a comment |
This can be done with PAM pwdfile module.
The way described here changes only the desktop login (lightdm service), but can be applied to other services as well if you wish.
Also, this allows you to have your original strong password for "sudo", while maintaining a fairly easy way to login to Ubuntu desktop.
Commands can be issued in the terminal program.
Installing the software
First, we install a software package named libpam-pwdfile
:
sudo apt-get install libpam-pwdfile
Creating the user-password file
We will then create the user/password file. You will be prompted to enter a new PIN password. Your password will be encrypted and saved to a file named passwd.like
pinpass=$(mkpasswd -5)
echo "$pinpass" | sudo tee /etc/passwd.like
Alternatively, you may use: openssl passwd -1 yourpinpasswordhere
and create a file named /etc/passwd.like and that password.
Setting up the desktop login service
The next step is to prepare the desktop login service to accept the PIN password before other password procedures. I've mentioned already the name of the desktop login service, lightdm
.
Take a look at the file:
cat /etc/pam.d/lightdm
If you don't have this file, then your desktop (login) service is a different one, and you should find your desktop manager before going further. As explained before, this guide is for Ubuntu 16.04 but can be used for other login services as well.
It could be useful if you also create a backup:
sudo cp /etc/pam.d/lightdm /etc/pam.d/lightdm.backup
Now, you may edit the file using nano or gedit or any other text editor:
sudo gedit /etc/pam.d/lightdm
At the top of the file mine had:
#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
I have modified it like so:
#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
auth required pam_pwdfile.so pwdfile=/etc/passwd.like
auth required pam_permit.so
#@include common-auth
Save the file and close your text editor.
Log out and log back in.
You should be able to use the PIN password you set. By following this guide, the PIN password is only used for the desktop login service, not for the password of sudo commands.
Source: http://blog.radevic.com/2017/11/how-to-set-pin-password-or-short.html
1
interesting stuff. Can you please look at the related question that I just posted right after your answer, accidentally? Thanks.
– Miladiouss
Feb 1 '18 at 8:17
add a comment |
This can be done with PAM pwdfile module.
The way described here changes only the desktop login (lightdm service), but can be applied to other services as well if you wish.
Also, this allows you to have your original strong password for "sudo", while maintaining a fairly easy way to login to Ubuntu desktop.
Commands can be issued in the terminal program.
Installing the software
First, we install a software package named libpam-pwdfile
:
sudo apt-get install libpam-pwdfile
Creating the user-password file
We will then create the user/password file. You will be prompted to enter a new PIN password. Your password will be encrypted and saved to a file named passwd.like
pinpass=$(mkpasswd -5)
echo "$pinpass" | sudo tee /etc/passwd.like
Alternatively, you may use: openssl passwd -1 yourpinpasswordhere
and create a file named /etc/passwd.like and that password.
Setting up the desktop login service
The next step is to prepare the desktop login service to accept the PIN password before other password procedures. I've mentioned already the name of the desktop login service, lightdm
.
Take a look at the file:
cat /etc/pam.d/lightdm
If you don't have this file, then your desktop (login) service is a different one, and you should find your desktop manager before going further. As explained before, this guide is for Ubuntu 16.04 but can be used for other login services as well.
It could be useful if you also create a backup:
sudo cp /etc/pam.d/lightdm /etc/pam.d/lightdm.backup
Now, you may edit the file using nano or gedit or any other text editor:
sudo gedit /etc/pam.d/lightdm
At the top of the file mine had:
#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
I have modified it like so:
#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
auth required pam_pwdfile.so pwdfile=/etc/passwd.like
auth required pam_permit.so
#@include common-auth
Save the file and close your text editor.
Log out and log back in.
You should be able to use the PIN password you set. By following this guide, the PIN password is only used for the desktop login service, not for the password of sudo commands.
Source: http://blog.radevic.com/2017/11/how-to-set-pin-password-or-short.html
1
interesting stuff. Can you please look at the related question that I just posted right after your answer, accidentally? Thanks.
– Miladiouss
Feb 1 '18 at 8:17
add a comment |
This can be done with PAM pwdfile module.
The way described here changes only the desktop login (lightdm service), but can be applied to other services as well if you wish.
Also, this allows you to have your original strong password for "sudo", while maintaining a fairly easy way to login to Ubuntu desktop.
Commands can be issued in the terminal program.
Installing the software
First, we install a software package named libpam-pwdfile
:
sudo apt-get install libpam-pwdfile
Creating the user-password file
We will then create the user/password file. You will be prompted to enter a new PIN password. Your password will be encrypted and saved to a file named passwd.like
pinpass=$(mkpasswd -5)
echo "$pinpass" | sudo tee /etc/passwd.like
Alternatively, you may use: openssl passwd -1 yourpinpasswordhere
and create a file named /etc/passwd.like and that password.
Setting up the desktop login service
The next step is to prepare the desktop login service to accept the PIN password before other password procedures. I've mentioned already the name of the desktop login service, lightdm
.
Take a look at the file:
cat /etc/pam.d/lightdm
If you don't have this file, then your desktop (login) service is a different one, and you should find your desktop manager before going further. As explained before, this guide is for Ubuntu 16.04 but can be used for other login services as well.
It could be useful if you also create a backup:
sudo cp /etc/pam.d/lightdm /etc/pam.d/lightdm.backup
Now, you may edit the file using nano or gedit or any other text editor:
sudo gedit /etc/pam.d/lightdm
At the top of the file mine had:
#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
I have modified it like so:
#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
auth required pam_pwdfile.so pwdfile=/etc/passwd.like
auth required pam_permit.so
#@include common-auth
Save the file and close your text editor.
Log out and log back in.
You should be able to use the PIN password you set. By following this guide, the PIN password is only used for the desktop login service, not for the password of sudo commands.
Source: http://blog.radevic.com/2017/11/how-to-set-pin-password-or-short.html
This can be done with PAM pwdfile module.
The way described here changes only the desktop login (lightdm service), but can be applied to other services as well if you wish.
Also, this allows you to have your original strong password for "sudo", while maintaining a fairly easy way to login to Ubuntu desktop.
Commands can be issued in the terminal program.
Installing the software
First, we install a software package named libpam-pwdfile
:
sudo apt-get install libpam-pwdfile
Creating the user-password file
We will then create the user/password file. You will be prompted to enter a new PIN password. Your password will be encrypted and saved to a file named passwd.like
pinpass=$(mkpasswd -5)
echo "$pinpass" | sudo tee /etc/passwd.like
Alternatively, you may use: openssl passwd -1 yourpinpasswordhere
and create a file named /etc/passwd.like and that password.
Setting up the desktop login service
The next step is to prepare the desktop login service to accept the PIN password before other password procedures. I've mentioned already the name of the desktop login service, lightdm
.
Take a look at the file:
cat /etc/pam.d/lightdm
If you don't have this file, then your desktop (login) service is a different one, and you should find your desktop manager before going further. As explained before, this guide is for Ubuntu 16.04 but can be used for other login services as well.
It could be useful if you also create a backup:
sudo cp /etc/pam.d/lightdm /etc/pam.d/lightdm.backup
Now, you may edit the file using nano or gedit or any other text editor:
sudo gedit /etc/pam.d/lightdm
At the top of the file mine had:
#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
I have modified it like so:
#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
auth required pam_pwdfile.so pwdfile=/etc/passwd.like
auth required pam_permit.so
#@include common-auth
Save the file and close your text editor.
Log out and log back in.
You should be able to use the PIN password you set. By following this guide, the PIN password is only used for the desktop login service, not for the password of sudo commands.
Source: http://blog.radevic.com/2017/11/how-to-set-pin-password-or-short.html
answered Feb 1 '18 at 7:35
Savvas RadevicSavvas Radevic
6,38213244
6,38213244
1
interesting stuff. Can you please look at the related question that I just posted right after your answer, accidentally? Thanks.
– Miladiouss
Feb 1 '18 at 8:17
add a comment |
1
interesting stuff. Can you please look at the related question that I just posted right after your answer, accidentally? Thanks.
– Miladiouss
Feb 1 '18 at 8:17
1
1
interesting stuff. Can you please look at the related question that I just posted right after your answer, accidentally? Thanks.
– Miladiouss
Feb 1 '18 at 8:17
interesting stuff. Can you please look at the related question that I just posted right after your answer, accidentally? Thanks.
– Miladiouss
Feb 1 '18 at 8:17
add a comment |
You can also use the -f option.
$passwd -f username
Changing password for user username.
New password:
Retype new password:
add a comment |
You can also use the -f option.
$passwd -f username
Changing password for user username.
New password:
Retype new password:
add a comment |
You can also use the -f option.
$passwd -f username
Changing password for user username.
New password:
Retype new password:
You can also use the -f option.
$passwd -f username
Changing password for user username.
New password:
Retype new password:
answered Feb 16 at 1:19
Will AEWill AE
111
111
add a comment |
add a comment |
To set up a simple password, I tried the simple sudo passwd username
method, but it failed on my Ubuntu Server 12.04 LTS.
So I tried to remove the obscure
option from /etc/pam.d/common-passwd
config file, but it still failed.
So I also removed the obscure
option from /usr/share/pam-configs/unix
config file. And then it worked :-)
I do agree that it should be simplier, when acting as su
to set up a weak password, whatever the reason why one wants to do it! A warning saying "weak password, confirm?" would be perfect...
Narrow minded people have given negative votes on this excellent answer. The reference to "obscure" in /usr/share/pam-configs/unix is very important and relevant to some situations. Just because it doesn't work for you doesn't mean it's not a good answer. Lighten up on the negative votes guys and welcome someone with a viewpoint that's different than yours! You might be better informed at the end of the day.
– LMSingh
Mar 8 '17 at 3:21
In support of user171987's answer read the page at wiki.ubuntu.com/PAMConfigFrameworkSpec#config_file_format . It shows how the PAM configuration works and explains the profiles and their usage. The folder pam-configs holds various configurations and "unix" is just one of them.
– LMSingh
Mar 8 '17 at 3:30
On Ubuntu 18, it looks like it's sufficient to simply remove the 'obscure' option from /etc/pam.d/common-passwd -- there's no need to overly complicate things by also editing /usr/share/pam-configs/unix
– Gino
Dec 17 '17 at 19:45
add a comment |
To set up a simple password, I tried the simple sudo passwd username
method, but it failed on my Ubuntu Server 12.04 LTS.
So I tried to remove the obscure
option from /etc/pam.d/common-passwd
config file, but it still failed.
So I also removed the obscure
option from /usr/share/pam-configs/unix
config file. And then it worked :-)
I do agree that it should be simplier, when acting as su
to set up a weak password, whatever the reason why one wants to do it! A warning saying "weak password, confirm?" would be perfect...
Narrow minded people have given negative votes on this excellent answer. The reference to "obscure" in /usr/share/pam-configs/unix is very important and relevant to some situations. Just because it doesn't work for you doesn't mean it's not a good answer. Lighten up on the negative votes guys and welcome someone with a viewpoint that's different than yours! You might be better informed at the end of the day.
– LMSingh
Mar 8 '17 at 3:21
In support of user171987's answer read the page at wiki.ubuntu.com/PAMConfigFrameworkSpec#config_file_format . It shows how the PAM configuration works and explains the profiles and their usage. The folder pam-configs holds various configurations and "unix" is just one of them.
– LMSingh
Mar 8 '17 at 3:30
On Ubuntu 18, it looks like it's sufficient to simply remove the 'obscure' option from /etc/pam.d/common-passwd -- there's no need to overly complicate things by also editing /usr/share/pam-configs/unix
– Gino
Dec 17 '17 at 19:45
add a comment |
To set up a simple password, I tried the simple sudo passwd username
method, but it failed on my Ubuntu Server 12.04 LTS.
So I tried to remove the obscure
option from /etc/pam.d/common-passwd
config file, but it still failed.
So I also removed the obscure
option from /usr/share/pam-configs/unix
config file. And then it worked :-)
I do agree that it should be simplier, when acting as su
to set up a weak password, whatever the reason why one wants to do it! A warning saying "weak password, confirm?" would be perfect...
To set up a simple password, I tried the simple sudo passwd username
method, but it failed on my Ubuntu Server 12.04 LTS.
So I tried to remove the obscure
option from /etc/pam.d/common-passwd
config file, but it still failed.
So I also removed the obscure
option from /usr/share/pam-configs/unix
config file. And then it worked :-)
I do agree that it should be simplier, when acting as su
to set up a weak password, whatever the reason why one wants to do it! A warning saying "weak password, confirm?" would be perfect...
edited Jul 2 '13 at 12:08
Aditya
9,353125589
9,353125589
answered Jul 2 '13 at 12:05
user171987user171987
11
11
Narrow minded people have given negative votes on this excellent answer. The reference to "obscure" in /usr/share/pam-configs/unix is very important and relevant to some situations. Just because it doesn't work for you doesn't mean it's not a good answer. Lighten up on the negative votes guys and welcome someone with a viewpoint that's different than yours! You might be better informed at the end of the day.
– LMSingh
Mar 8 '17 at 3:21
In support of user171987's answer read the page at wiki.ubuntu.com/PAMConfigFrameworkSpec#config_file_format . It shows how the PAM configuration works and explains the profiles and their usage. The folder pam-configs holds various configurations and "unix" is just one of them.
– LMSingh
Mar 8 '17 at 3:30
On Ubuntu 18, it looks like it's sufficient to simply remove the 'obscure' option from /etc/pam.d/common-passwd -- there's no need to overly complicate things by also editing /usr/share/pam-configs/unix
– Gino
Dec 17 '17 at 19:45
add a comment |
Narrow minded people have given negative votes on this excellent answer. The reference to "obscure" in /usr/share/pam-configs/unix is very important and relevant to some situations. Just because it doesn't work for you doesn't mean it's not a good answer. Lighten up on the negative votes guys and welcome someone with a viewpoint that's different than yours! You might be better informed at the end of the day.
– LMSingh
Mar 8 '17 at 3:21
In support of user171987's answer read the page at wiki.ubuntu.com/PAMConfigFrameworkSpec#config_file_format . It shows how the PAM configuration works and explains the profiles and their usage. The folder pam-configs holds various configurations and "unix" is just one of them.
– LMSingh
Mar 8 '17 at 3:30
On Ubuntu 18, it looks like it's sufficient to simply remove the 'obscure' option from /etc/pam.d/common-passwd -- there's no need to overly complicate things by also editing /usr/share/pam-configs/unix
– Gino
Dec 17 '17 at 19:45
Narrow minded people have given negative votes on this excellent answer. The reference to "obscure" in /usr/share/pam-configs/unix is very important and relevant to some situations. Just because it doesn't work for you doesn't mean it's not a good answer. Lighten up on the negative votes guys and welcome someone with a viewpoint that's different than yours! You might be better informed at the end of the day.
– LMSingh
Mar 8 '17 at 3:21
Narrow minded people have given negative votes on this excellent answer. The reference to "obscure" in /usr/share/pam-configs/unix is very important and relevant to some situations. Just because it doesn't work for you doesn't mean it's not a good answer. Lighten up on the negative votes guys and welcome someone with a viewpoint that's different than yours! You might be better informed at the end of the day.
– LMSingh
Mar 8 '17 at 3:21
In support of user171987's answer read the page at wiki.ubuntu.com/PAMConfigFrameworkSpec#config_file_format . It shows how the PAM configuration works and explains the profiles and their usage. The folder pam-configs holds various configurations and "unix" is just one of them.
– LMSingh
Mar 8 '17 at 3:30
In support of user171987's answer read the page at wiki.ubuntu.com/PAMConfigFrameworkSpec#config_file_format . It shows how the PAM configuration works and explains the profiles and their usage. The folder pam-configs holds various configurations and "unix" is just one of them.
– LMSingh
Mar 8 '17 at 3:30
On Ubuntu 18, it looks like it's sufficient to simply remove the 'obscure' option from /etc/pam.d/common-passwd -- there's no need to overly complicate things by also editing /usr/share/pam-configs/unix
– Gino
Dec 17 '17 at 19:45
On Ubuntu 18, it looks like it's sufficient to simply remove the 'obscure' option from /etc/pam.d/common-passwd -- there's no need to overly complicate things by also editing /usr/share/pam-configs/unix
– Gino
Dec 17 '17 at 19:45
add a comment |
In Ubuntu 18.04 none of other solutions worked for me. I had to replace both of these lines:
password requisite pam_cracklib.so retry=3 minlen=8 difok=3 dcredit=-1 enforce_for_root lcredit=-1 ocredit=-1 reject_username ucredit=-1
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
in /etc/pam.d/common-password
with:
password [success=1 default=ignore] pam_unix.so minlen=2 sha512
These changes let me changed my password easily and after changing password I restored file to it's original form.
add a comment |
In Ubuntu 18.04 none of other solutions worked for me. I had to replace both of these lines:
password requisite pam_cracklib.so retry=3 minlen=8 difok=3 dcredit=-1 enforce_for_root lcredit=-1 ocredit=-1 reject_username ucredit=-1
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
in /etc/pam.d/common-password
with:
password [success=1 default=ignore] pam_unix.so minlen=2 sha512
These changes let me changed my password easily and after changing password I restored file to it's original form.
add a comment |
In Ubuntu 18.04 none of other solutions worked for me. I had to replace both of these lines:
password requisite pam_cracklib.so retry=3 minlen=8 difok=3 dcredit=-1 enforce_for_root lcredit=-1 ocredit=-1 reject_username ucredit=-1
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
in /etc/pam.d/common-password
with:
password [success=1 default=ignore] pam_unix.so minlen=2 sha512
These changes let me changed my password easily and after changing password I restored file to it's original form.
In Ubuntu 18.04 none of other solutions worked for me. I had to replace both of these lines:
password requisite pam_cracklib.so retry=3 minlen=8 difok=3 dcredit=-1 enforce_for_root lcredit=-1 ocredit=-1 reject_username ucredit=-1
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
in /etc/pam.d/common-password
with:
password [success=1 default=ignore] pam_unix.so minlen=2 sha512
These changes let me changed my password easily and after changing password I restored file to it's original form.
answered Feb 19 at 9:47
Rehan HaiderRehan Haider
1314
1314
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f180402%2fhow-to-set-a-short-password-on-ubuntu%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
Why do u want to set a short password? That is not safe, try you change the password from root account even if you forced to do.
– karthick87
Aug 25 '12 at 18:48
14
@karthick87 because my home computer is not Fort Knox. If strangers are messing with my desktop then I have bigger concerns than my computer.
– Torben Gundtofte-Bruun
Sep 18 '13 at 18:24
2
@karthick87 Why a short password? Ubuntu might run as a virtual machine and your virtualization software lacks copy and paste functionality for the command line of Linux guests (like Parallels desktop for Mac 8.0 does miss), then you want to access Ubuntu with a short password, or even better without a password at all.
– Pro Backup
Feb 12 '14 at 10:08
@karthick87 Fixing the parameters of what a password should be like, makes a password easier to guess and therefore less secure.
– DustWolf
Dec 9 '16 at 13:16