=====Secure Server Build=====

====PAM configuration====

To configure pam cracklib to require at least one uppercase character, lowercase character, digit, and other
(special) character, locate the following line in **/etc/pam.d/system-auth**

  password requisite pam_cracklib.so try_first_pass retry=3

and then alter it to read (placing the text on one line, which is not possible here):

  password required pam_cracklib.so try_first_pass retry=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1
  
To activate pam passwdqc, locate the following line in **/etc/pam.d/system-auth:**
  
  password requisite pam_cracklib.so try_first_pass retry=3
  
and then replace it with the line:

  password requisite pam_passwdqc.so min=disabled,disabled,16,12,8
  
To enforce password lockout, add to the top of the **auth lines**

  auth required pam_tally2.so deny=5 onerr=fail