9.1.10.1. Authenticator Management

Authenticator strength is enforced using pam_cracklib.so. The SIMP settings ensure that passwords:

  • Have at least four characters that are different from the previous password

  • Do not repeat a character more than two times in a row

  • Do not have the username (forward or reversed) in the password

  • Have at least one character from three of the four classes: upper, lower, number, special character

  • Have at least 14 characters

  • Are not the same as any of the previous 24 passwords

Passwords are hashed using the SHA512 algorithm. Each password is hashed using 1000 rounds.
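One way to check a host against the settings listed above is to audit its PAM password stack. This is an added example, not SIMP's own code; it assumes the policy maps onto the standard pam_cracklib options (difok, maxrepeat, minclass, minlen, reject_username) and onto pam_unix for sha512, rounds and remember, and the sample stack is constructed.

```python
import os
import re

# Constructed sample password stack; not SIMP's shipped PAM file.
SAMPLE_PAM = """\
password requisite pam_cracklib.so try_first_pass retry=3 difok=4 \
maxrepeat=2 minclass=3 minlen=14 reject_username
password sufficient pam_unix.so sha512 rounds=1000 shadow use_authtok remember=24
"""

def at_least(n):
    return lambda v: isinstance(v, int) and v >= n

FLAG = lambda v: v == "set"

# Assumed mapping of the stated policy onto standard module options.
REQUIREMENTS = [
    ("pam_cracklib.so", "difok", at_least(4)),
    ("pam_cracklib.so", "maxrepeat", lambda v: v in (1, 2)),  # 0 disables it
    ("pam_cracklib.so", "minclass", at_least(3)),
    ("pam_cracklib.so", "minlen", at_least(14)),
    ("pam_cracklib.so", "reject_username", FLAG),
    ("pam_unix.so", "sha512", FLAG),
    ("pam_unix.so", "rounds", at_least(1000)),
    ("pam_unix.so", "remember", at_least(24)),
]

def parse_password_stack(text):
    """Return {module: {option: int or 'set'}} for 'password' lines."""
    stack = {}
    for line in text.splitlines():
        # Drop comments and collapse a bracketed control field to one token.
        line = re.sub(r"\[[^\]]*\]", "ctl", line.split("#", 1)[0])
        fields = line.split()
        if len(fields) < 3 or fields[0].lstrip("-") != "password":
            continue
        opts = stack.setdefault(os.path.basename(fields[2]), {})
        for opt in fields[3:]:
            key, sep, val = opt.partition("=")
            opts[key] = int(val) if val.isdigit() else (val if sep else "set")
    return stack

def audit(text):
    """Return the settings that are missing or weaker than the policy."""
    stack = parse_password_stack(text)
    return [f"{module}: {option}={stack.get(module, {}).get(option)}"
            for module, option, ok in REQUIREMENTS
            if not ok(stack.get(module, {}).get(option))]

if __name__ == "__main__":
    print(audit(SAMPLE_PAM) or "password stack matches the documented policy")
```

pam_cracklib counts positive credit values (dcredit, ucredit, lcredit, ocredit) toward minlen, so a passing minlen=14 guarantees 14 actual characters only when those credits are zero or negative; this audit does not check them.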

References: IA-5 (1)(a), IA-5 (1)(e)