Information
The pwquality maxrepeat option sets the maximum number of allowed same consecutive characters in a new password.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.
Solution
Create or modify a file ending inconf in the /etc/security/pwquality.conf.d/ directory or the file /etc/security/pwquality.conf and add or modify the following line to set maxrepeat to 3 or less and not 0 Ensure setting conforms to local site policy:
Example:
#!/usr/bin/env bash
{
sed -ri 's/^s*maxrepeats*=/# &/' /etc/security/pwquality.conf
[ ! -d /etc/security/pwquality.conf.d/ ] && mkdir /etc/security/pwquality.conf.d/
printf '
%s' "maxrepeat = 3" > /etc/security/pwquality.conf.d/50-pwrepeat.conf
}
Run the following command:
# grep -Pl -- 'bpam_pwquality.soh+([^#
r]+h+)?maxrepeatb' /usr/share/pam-configs/*
Edit any returned files and remove the maxrepeat argument from the pam_pwquality.so line(s):