Bear with me for a moment. I'm doing a college exercise setting up a VM, and I'm having a very hard time understanding what PAM is and how it actually works. All the results that come up on Google are either too basic or too complex, and I really don't know what to look up. My exercise requires me to set up a bunch of rules for both normal users and root:
To set up a strong password policy, you have to comply with the following requirements:
I haven't been able to find any good sites that explain how PAM works in a good way; however, I found that for the normal user I need to edit /etc/pam.d/common-password with:
password requisite pam_pwquality.so retry=3 minlen=10 ucredit=-1 dcredit=-1 maxrepeat=3 reject_username difok=7 enforce_for_root
Although I don't understand how PAM works, I do understand its flags. My question is: how do I set up different rules for root?
Note that root is not asked for an old password so the checks that compare the old and new password are not performed. So, basically, the phrase "The following rule does not apply to the root password" means you can't make difok=7 work for root, and not that you must create a separate rule for root.
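
The point of the answer above, as an added example that is not part of the original post: a short Python audit that reads the pam_pwquality rule from the question and reports which checks apply to a normal user and which to root. The function names and the second rule are constructed for illustration, and the code assumes all settings come from this one line rather than from /etc/security/pwquality.conf.

```python
import re

# type, control (keyword or [bracketed] form), module, then the arguments
RULE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
# Options that compare the new password with the old one.
NEEDS_OLD_PASSWORD = {"difok"}
# Options that steer the module rather than describe a password check.
NOT_CHECKS = {"retry", "enforce_for_root"}

# The rule from the question, and a constructed variant without enforce_for_root.
PAGE_RULE = ("password requisite pam_pwquality.so retry=3 minlen=10 ucredit=-1 "
             "dcredit=-1 maxrepeat=3 reject_username difok=7 enforce_for_root")
CONSTRUCTED_RULE = "password requisite pam_pwquality.so retry=3 minlen=10 difok=7"


def parse_pwquality_rule(line):
    """Return the options of a pam_pwquality rule as a dict."""
    m = RULE.match(line.strip())
    if not m or m.group(3) != "pam_pwquality.so":
        raise ValueError("not a pam_pwquality rule: %r" % line)
    opts = {}
    for arg in m.group(4).split():
        key, sep, value = arg.partition("=")
        opts[key] = value if sep else True
    return opts


def policy_for(opts, is_root):
    """Return (enforced, checks) for a password change by root or by a user.

    Assumption: settings come only from this line, not from
    /etc/security/pwquality.conf.
    """
    checks = {k: v for k, v in opts.items() if k not in NOT_CHECKS}
    if is_root:
        # root is not asked for the old password, so nothing can be compared.
        checks = {k: v for k, v in checks.items() if k not in NEEDS_OLD_PASSWORD}
    # Without enforce_for_root a failed check is only reported to root.
    enforced = (not is_root) or "enforce_for_root" in opts
    return enforced, checks


if __name__ == "__main__":
    for who, is_root in (("user", False), ("root", True)):
        enforced, checks = policy_for(parse_pwquality_rule(PAGE_RULE), is_root)
        print(who, "enforced" if enforced else "warning only", checks)
```

Run against the rule from the question, the root result keeps minlen, ucredit, dcredit, maxrepeat and reject_username but drops difok, which is the single-rule outcome the answer describes.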