7.1.10.1. Authenticator ManagementΒΆ
Authenticator strength is enforced using pam_cracklib.so. The SIMP settings ensure that passwords:
- Have at least four characters that are different from the previous password
- Do not repeat a character more than two times in a row
- Do not have the username (forward or reversed) in the password
- Have at lease one character from three of the four classes: upper, lower, number, special character
- Have at least 14 characters
- Are not the same as any of the previous 24 passwords
Passwords are hashed using the SHA512 algorithm. Each password is hashed using 1000 rounds.
References: IA-5 (1)(a), IA-5 (1)(e)