Product SiteDocumentation Site

A.5.3. pwpolicy (optional) - Change the Default Password Policy

This command can be used to set custom requirements (policy) such as length and strength for passwords set during the installation - the root password, user passwords and LUKS (disk encryption) password.
pwpolicy name [--minlen=length] [--minquality=quality] [--strict|nostrict] [--emptyok|noempty] [--changesok|nochanges]
The libpwquality library is used to check minimum password requirements (length and quality). You can use the pwscore and pwmake commands provided by the libpwquality package to check the quality score of your chosen password, or to create a random password with a given score. See the pwscore(1) and pwmake(1) man pages for details about these commands.

Important

This command must be used inside the %anaconda section. See Section A.9, “%anaconda (optional) - Additional Anaconda Configuration” for details.
name
Name of the password entry. Supported values are root, user and luks for root password, user passwords and LUKS password, respectively.
--minlen=
Sets the minimum allowed password length. The default minimum length is 8.
--minquality=
Sets the minimum allowed password quality as defined by the libpwquality library. The default value is 50.
--strict
Strict password enforcement. Passwords not meeting the quality requirements specified in --minquality= will not be allowed. Enabled by default.
--notstrict
Passwords not meeting the minimum quality requirements specified in --minquality= will be allowed after Done is clicked twice.
--emptyok
Allow empty passwords. Enabled by default.
--notempty
Do not allow empty passwords.
--changesok
Allow changing the password in the user interface, even if the Kickstart file already specifies a password.
--nochanges
Do not allow changing passwords which are already set in the Kickstart file. Enabled by default.
An example use of the pwpolicy command is below:
%anaconda
pwpolicy root --minlen=10 --minquality=60 --strict --notempty --nochanges
%end