Product SiteDocumentation Site

A.5.3. pwpolicy (optional) - Change the Default Password Policy

This command can be used to set custom requirements (policy) such as length and strength for passwords set during the installation - the root password, user passwords and LUKS (disk encryption) password.
pwpolicy name [--minlen=length] [--minquality=quality] [--strict|nostrict] [--emptyok|noempty] [--changesok|nochanges]
The libpwquality library is used to check minimum password requirements (length and quality). You can use the pwscore and pwmake commands provided by the libpwquality package to check the quality score of your chosen password, or to create a random password with a given score. See the pwscore(1) and pwmake(1) man pages for details about these commands.


This command must be used inside the %anaconda section. See Section A.9, “%anaconda (optional) - Additional Anaconda Configuration” for details.
Name of the password entry. Supported values are root, user and luks for root password, user passwords and LUKS password, respectively.
Sets the minimum allowed password length. The default minimum length is 8.
Sets the minimum allowed password quality as defined by the libpwquality library. The default value is 50.
Strict password enforcement. Passwords not meeting the quality requirements specified in --minquality= will not be allowed. Enabled by default.
Passwords not meeting the minimum quality requirements specified in --minquality= will be allowed after Done is clicked twice.
Allow empty passwords. Enabled by default.
Do not allow empty passwords.
Allow changing the password in the user interface, even if the Kickstart file already specifies a password.
Do not allow changing passwords which are already set in the Kickstart file. Enabled by default.
An example use of the pwpolicy command is below:
pwpolicy root --minlen=10 --minquality=60 --strict --notempty --nochanges