How do I disable dictionary checking for Linux passwords?

We do not recommend you disable dictionary checking or allow null (blank) passwords. The instructions below are provided for systems administrators who fully understand and accept the implications.

If you do not want passwords, or permutations of them, checked against a dictionary of words, do not need passwords checked for their relative security quality or for previous use, and are aware of the security implications, here's how to disable the additional checks:

    • Make a backup copy of the file /etc/pam.d/system-auth:
        cp /etc/pam.d/system-auth /etc/pam.d/system-auth.`date +%Y%m%d.%H%M%S`
    • Edit this file with a text editor:
        vim /etc/pam.d/system-auth
    • Remove (or comment out) the line that references the pam_cracklib.so module. On the following line, remove the use_authtok option. For example, the new file might look like:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so

password    sufficient    /lib/security/$ISA/pam_unix.so nullok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
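
A post-edit check for the steps above, as an added example that is not part of the original page: it reports whether the password stack still calls pam_cracklib.so, whether use_authtok was left on the pam_unix.so line without it (pam_unix.so then expects a new password from an earlier module that is no longer there), and whether nullok still permits blank passwords. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a system-auth style file after the edit described above.
# Function names are hypothetical helpers, not system tools.

# Print the active (non-comment) "password" lines of a PAM file.
active_password_lines() {
    grep -E '^[[:space:]]*password[[:space:]]' "$1" || true
}

# Echo: cracklib-enabled | broken-use_authtok | consistent-disabled
check_pam_password_stack() {
    lines=$(active_password_lines "$1")
    if printf '%s\n' "$lines" | grep -q 'pam_cracklib\.so'; then
        echo cracklib-enabled
    elif printf '%s\n' "$lines" | grep 'pam_unix\.so' | grep -qw 'use_authtok'; then
        # pam_unix.so waits for a password from a module that is gone
        echo broken-use_authtok
    else
        echo consistent-disabled
    fi
}

# Echo "yes" if an active auth/password pam_unix.so line carries nullok.
allows_null_passwords() {
    if grep -E '^[[:space:]]*(auth|password)[[:space:]]' "$1" |
        grep 'pam_unix\.so' | grep -qw 'nullok'; then
        echo yes
    else
        echo no
    fi
}

# Constructed sample: cracklib commented out, use_authtok left behind.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so
EOF
echo "password stack: $(check_pam_password_stack "$sample")"
echo "null passwords allowed: $(allows_null_passwords "$sample")"
rm -f "$sample"
```

Point the two functions at /etc/pam.d/system-auth and at the timestamped backup to compare the state before and after the change.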
