{
	"id": "e1c24256-9cc5-4292-aa44-8cfa1890dd09",
	"created_at": "2026-04-06T01:32:22.802076Z",
	"updated_at": "2026-04-10T03:21:41.588847Z",
	"deleted_at": null,
	"sha1_hash": "a72408912a461008c59483fe9b0b5a8a241d56b2",
	"title": "How to display password policy information for a user (Ubuntu)?",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 61289,
	"plain_text": "How to display password policy information for a user (Ubuntu)?\r\nPublished: 2010-06-09 · Archived: 2026-04-06 00:28:14 UTC\r\nThe OP confuses two different questions: policy and password length.\r\nAs already stated by @BillThor, password length is dealt with by the PAM module, under the not truly auspicious\r\nkeyword obscure , in the file /etc/pam.d/common-password, which contains the following line:\r\n password [success=1 default=ignore] pam_unix.so obscure sha512\r\nThe obscure keyword stands for (according to man pam_unix):\r\n obscure\r\n Enable some extra checks on password strength. These checks are based on the \"obscure\" checks in the\r\n original shadow package. The behavior is similar to the pam_cracklib module, but for\r\n non-dictionary-based checks. The following checks are implemented:\r\n Palindrome\r\n Verifies that the new password is not a palindrome of (i.e., the reverse of) the previous one.\r\n Case Change Only\r\n Verifies that the new password isn't the same as the old one with a change of case.\r\n Similar\r\n Verifies that the new password isn't too much like the previous one.\r\n Simple\r\n Is the new password too simple? This is based on the length of the password and the number of\r\n different types of characters (alpha, numeric, etc.) used.\r\n Rotated\r\n Is the new password a rotated version of the old password? (E.g., \"billy\" and \"illyb\")\r\nThe prescription by obscure can be overridden as follows: in /etc/pam.d/common-password, re-write the line\r\nabove as\r\n password [success=1 default=ignore] pam_unix.so obscure sha512 minlen=20\r\nor whatever you like.\r\nFinding exactly where the minimum length password is defined requires diving into the depths of pam:\r\nhttps://superuser.com/questions/150675/how-to-display-password-policy-information-for-a-user-ubuntu\r\nPage 1 of 3\n\n# apt-cache search pam_unix.so\r\n libpam-modules - Pluggable Authentication Modules for PAM\r\n # apt-get source libpam-modules\r\n... and then to find where the minimum passord length is defined:\r\n # grep -rl UNIX_MIN_PASS_LEN\r\n modules/pam_unix/support.h\r\n modules/pam_unix/support.c\r\n debian/patches-applied/007_modules_pam_unix\r\n debian/patches-applied/055_pam_unix_nullok_secure\r\nPerusing the debian patches you will see that the parameter UNIX_MIN_PASS_LEN (the 27th possible\r\nparameter) corresponds to a variable called minlen, which is set in /modules/pam_unix/support.c. However, one\r\nof the debian patches fixes pass_min_len : the file debian/patches-applied/007_modules_pam_unix contains the\r\nlines:\r\n - int pass_min_len = 0;\r\n + int pass_min_len = 6;\r\nand the file debian/Changelog specifies:\r\nFurther cleanups of 007_modules_pam_unix -- don't use a global variable for pass_min_len,\r\ndon't gratuitously move the length checking into the \"obscure\" checks, and internationalize the\r\nerror strings.\r\nI always disliked PAM, and for this reason: to locate a trivial parameter like the minimum password length, it\r\nobliges you to look into the source code.\r\nThe information displayed by chage -l username is instead completely contained in the /etc/shadow file: The\r\nMan page states:\r\nshadow is a file which contains the password information for the system's accounts and optional aging\r\ninformation.\r\nThe fields of each entry are:\r\nLogin name, encrypted password, date of last password change, minimum password age, maximum\r\npassword age, password warning period, password inactivity period, account expiration date, plus a\r\nreserved field for future use.\r\nJust to double check, an strace of the chage command shows which files are opened,\r\n # strace -e trace=open -f chage -l myusername\r\n open(\"/etc/ld.so.cache\", O_RDONLY|O_CLOEXEC) = 3\r\nhttps://superuser.com/questions/150675/how-to-display-password-policy-information-for-a-user-ubuntu\r\nPage 2 of 3\n\nopen(\"/lib/x86_64-linux-gnu/libselinux.so.1\", O_RDONLY|O_CLOEXEC) = 3\r\n open(\"/lib/x86_64-linux-gnu/libc.so.6\", O_RDONLY|O_CLOEXEC) = 3\r\n open(\"/lib/x86_64-linux-gnu/libpcre.so.3\", O_RDONLY|O_CLOEXEC) = 3\r\n open(\"/lib/x86_64-linux-gnu/libdl.so.2\", O_RDONLY|O_CLOEXEC) = 3\r\n open(\"/proc/filesystems\", O_RDONLY) = 3\r\n open(\"/usr/lib/locale/locale-archive\", O_RDONLY|O_CLOEXEC) = 3\r\n open(\"/etc/passwd\", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW) = 3\r\n open(\"/etc/shadow\", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW) = 4\r\n open(\"/usr/share/locale/locale.alias\", O_RDONLY|O_CLOEXEC) = 5\r\n open(\"/usr/share/locale/en_US/LC_MESSAGES/shadow.mo\", O_RDONLY) = -1 ENOENT (No such file or directory)\r\n open(\"/usr/share/locale/en/LC_MESSAGES/shadow.mo\", O_RDONLY) = -1 ENOENT (No such file or directory)\r\n open(\"/usr/share/locale-langpack/en_US/LC_MESSAGES/shadow.mo\", O_RDONLY) = -1 ENOENT (No such file or directo\r\n open(\"/usr/share/locale-langpack/en/LC_MESSAGES/shadow.mo\", O_RDONLY) = -1 ENOENT (No such file or directory)\r\n open(\"/etc/localtime\", O_RDONLY|O_CLOEXEC) = 5\r\n Last password change : mag 05, 2014\r\n Password expires : never\r\n Password inactive : never\r\n Account expires : never\r\n Minimum number of days between password change : 0\r\n Maximum number of days between password change : 99999\r\n Number of days of warning before password expires : 7\r\n +++ exited with 0 +++\r\nSource: https://superuser.com/questions/150675/how-to-display-password-policy-information-for-a-user-ubuntu\r\nhttps://superuser.com/questions/150675/how-to-display-password-policy-information-for-a-user-ubuntu\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://superuser.com/questions/150675/how-to-display-password-policy-information-for-a-user-ubuntu"
	],
	"report_names": [
		"how-to-display-password-policy-information-for-a-user-ubuntu"
	],
	"threat_actors": [],
	"ts_created_at": 1775439142,
	"ts_updated_at": 1775791301,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a72408912a461008c59483fe9b0b5a8a241d56b2.pdf",
		"text": "https://archive.orkl.eu/a72408912a461008c59483fe9b0b5a8a241d56b2.txt",
		"img": "https://archive.orkl.eu/a72408912a461008c59483fe9b0b5a8a241d56b2.jpg"
	}
}