We do not recommend you disable dictionary checking or allow null (blank) passwords. The instructions below are provided for systems administrators who fully understand and accept the implications.
If you do not want passwords or permutations of them to be checked against a dictionary of words, you are not interested in checking passwords for their relative security quality or if they have been used before, and you are aware of the security implications of this, here’s how to disable the additional checks:
- Make a backup copy of the file /etc/pam.d/system-auth:
cp /etc/pam.d/system-auth /etc/pam.d/system-auth.`date +%Y%m%d.%H%M%S`
- Edit this file with a text editor:
vim /etc/pam.d/system-auth
- Remove (or comment out) the line that references the pam_cracklib.so module. On the following line, remove the use_authok option. For example, the new file might look like:
#%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so password sufficient /lib/security/$ISA/pam_unix.so nullok md5 shadow password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so
Resources: