1

My username is z, and my password contains z, and the system disallows me from using that password. The error is:

BAD PASSWORD: The password contains the user name in some form.

This is an error and I cannot get past it. I Googled this problem but cannot find any working answer. These are the things I tried:

  • Call passwd from root.
  • Change /etc/pam.d/system-auth and /etc/pam.d/password-auth: from requisite to optional on pam_pwquality.so, or comment out that line. Commenting it out results in the error "passwd: Authentication token manipulation error".
  • Check /usr/sbin/authconfig --help, find no related option.
  • Change /etc/security/pwquality.conf, find no related option. Tried gecoscheck=0, didn't make any difference.

Can anyone help me?

5
  • 2
    This "password contains the user name" restriction is meant for security. Why do you want to bypass that? Commented Mar 23, 2018 at 16:04
  • 1
    @C0deDaedalus, because he is using such a short username, the options for password are significantly limited (91^length rather than 92^length which for any reasonable length will eliminate millions or billions of passwords from selection), and thus significantly reduces the keyspace the password can be drawn from. The most secure choice would be to select a much longer username, but failing that, the rule is doing more harm than good in this specific case. Commented Mar 23, 2018 at 16:18
  • @FrankThomas, totally agree on that. Commented Mar 23, 2018 at 16:20
  • 2
    Can't you change your user name to zw, for example? Not the answer you are looking for, but maybe the easiest work-round.
    – AFH
    Commented Mar 23, 2018 at 16:40
  • I always use z as my username and don't want to change that. I know changing the username can be an option, but I just want to find the way to solve this.
    – Zhexi Wang
    Commented Mar 27, 2018 at 8:19

4 Answers

3

Checking the libpwquality code on GitHub, it looks like the error message you get comes from this library. It is probably called from a PAM module, so you should start by checking what you have in /etc/pam.d/passwd; by default, for password it only includes /etc/pam.d/system-auth. I think you were quite close; however, setting the module as optional didn't work for you. I'd suggest commenting it out for a test and setting gecoscheck=N either in PAM or in /etc/security/pwquality.conf.

Simply commenting out the line in /etc/pam.d/system-auth may not work; however, you can try to update the file's password section to something like this (only the password section matters):

password sufficient pam_unix.so sha512
password required pam_deny.so

After that, simply execute passwd user and try your favourite password. For me, setting exactly the same user name and password worked, which is obviously not recommended from the system security perspective.

5
  • Commenting out that line results in the error "passwd: Authentication token manipulation error", and setting gecoscheck=N or gecoscheck=0 does not make any difference.
    – Zhexi Wang
    Commented Mar 27, 2018 at 8:23
  • I think it's because of some arguments of next password modules, try to update your /etc/pam.d/system-auth changing password section to this: password sufficient pam_unix.so sha512 password required pam_deny.so. I've also updated the answer, since formatting there makes it easier to read. Commented Apr 4, 2018 at 14:36
  • 1
    It works! To clarify, I commented out the pam_pwquality.so line and changed the following line as this answer says, and it let me pass. Thank you very much!
    – Zhexi Wang
    Commented Apr 9, 2018 at 8:20
  • yw, If you can click the up arrow for the answer I'll appreciate it - I'm new to the community so every point counts. Commented Apr 10, 2018 at 10:14
  • I would like to do that but I cannot, I don't have enough reputation...
    – Zhexi Wang
    Commented Apr 22, 2018 at 11:06
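
The thread above ends with pam_pwquality.so removed from the password stack. The following audit script is an added example, not code from the question or the answers: it parses a PAM "password" stack and reports when the quality module is missing or not enforcing, and when pam_unix.so carries use_authtok with no earlier module to supply the new password (the combination that produces "Authentication token manipulation error"). The sample stacks and the finding codes are constructed for this example; the STOCK sample is modeled on a RHEL-style system-auth and is an assumption about the asker's file.

```python
# Added example: audit the "password" stack of a PAM service file.
import re

# Modules that prompt for the new password and hand it to later modules.
# Assumption: only these two are treated as password-quality modules here.
QUALITY = {"pam_pwquality.so", "pam_cracklib.so"}
LINE = re.compile(r"^-?password\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def password_stack(text):
    """Return (control, module, args) for each active 'password' line."""
    stack = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())  # drop comments
        if m:
            control, module, args = m.groups()
            stack.append((control, module.rsplit("/", 1)[-1], args.split()))
    return stack

def audit(text):
    """Return finding codes for the password stack, in the order found."""
    findings, seen_quality = [], False
    for control, module, args in password_stack(text):
        if module in QUALITY:
            seen_quality = True
            if control not in ("requisite", "required"):
                findings.append("QUALITY_NOT_ENFORCING")
        # use_authtok makes pam_unix take the new password from an earlier
        # module; with none before it, passwd fails with
        # "Authentication token manipulation error".
        elif module == "pam_unix.so" and "use_authtok" in args and not seen_quality:
            findings.append("USE_AUTHTOK_ORPHANED")
    if not seen_quality:
        findings.append("QUALITY_ABSENT")
    return findings

# Constructed samples, modeled on a RHEL-style system-auth (not from the page).
STOCK = """\
password  requisite   pam_pwquality.so try_first_pass local_users_only retry=3
password  sufficient  pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password  required    pam_deny.so
"""
COMMENTED = "#" + STOCK          # only the pam_pwquality line is commented out
WORKAROUND = """\
password  sufficient  pam_unix.so sha512
password  required    pam_deny.so
"""

if __name__ == "__main__":
    for name in ("STOCK", "COMMENTED", "WORKAROUND"):
        print(name, audit(globals()[name]))
```

The script reads only the text it is given and does not follow include or substack lines, so each file the service pulls in has to be audited separately.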
1

Yet another way is to copy the encrypted password from an existing password file (on another PC).

This means copying the password from the user myuser from the /etc/shadow file on one PC, without strict password checks:

[..]
sshd:!!:19571::::::
postfix:!!:19571::::::
myuser:$6$<some crypted login>:18472:0:99999:7:::
[..]

to the PC with more strict password rules. Just copy the encrypted password

$6$<some crypted login>

into the new password file between the second and third colon : ($6$ is the type of encryption, the actual encrypted password is removed in this example).

You might also want a check of the /etc/passwd and /etc/shadow files à la

> pwck -r /etc/passwd /etc/shadow
user 'ftp': directory '/var/ftp' does not exist
pwck: no changes

(and a system reboot might be needed before the password change takes effect!?)

0

Change the option below in the /etc/pam.d/password-auth and /etc/pam.d/system-auth files

screenshot

This works fine, but you need to enter the password 4 times.

-1

I just tested: calling passwd from root will force-update the user password, although it will still show the warning message "BAD PASSWORD: The password contains the user name in some form". But the actual update works.

1
  • As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.
    – Community Bot
    Commented Mar 6 at 15:37
