Warning: Only try this at home! Using weak passwords on a computer that is accessible from the wild and dark Internet is tantamount to walking up to a spammer and saying “I’d simply love to be part of your zombie network—where do I sign up?”. I could safely do the following because this server is not accessible from the Internet and never will be; it’s a local test box for my own personal use.
After soul searching I found I didn’t feel like coming up with, and then remembering, a password complicated enough to make PAM happy, i.e. not a dictionary word, long enough, etc.
Turns out my problem has a name, and that name is pam_cracklib.so. Ms. CrackLib will diligently check a new password against her dictionary and then check whether it is significantly different from the previous version, whether it is long enough, etc. Much of what she does is negotiable, but the dictionary check in the beginning she won’t budge on.
So either we mess with her dictionary reading abilities—by say giving her a blank dictionary or hiding her glasses—or we take her out of the loop completely. I opted for the latter and set about cutting her out of my life.
The surgery took place in /etc/pam.d/system-auth. I took the following lines:
    password requisite pam_cracklib.so try_first_pass retry=3
    password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
and turned them into:
    #password requisite pam_cracklib.so try_first_pass retry=3
    password sufficient pam_unix.so md5 shadow nullok try_first_pass
Just commented out the pam_cracklib.so line and removed the use_authtok from the line below, otherwise passwd complains about “Authentication information cannot be recovered”.
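An added example, not part of the original post: a small Python audit that reads the password stack of a PAM file and reports the two conditions described above, namely that no password-quality module is active and that pam_unix.so still carries use_authtok with nothing stacked before it. The function names, the finding strings and the HALF_EDITED sample are made up for illustration; ORIGINAL and EDITED are the lines from this post.

```python
import os
import re

# Modules treated as password-quality checkers (assumption: extend for your distro).
QUALITY_MODULES = {"pam_cracklib.so", "pam_pwquality.so"}
NO_QUALITY = "no active password-quality module in the password stack"
ORPHAN_AUTHTOK = "pam_unix.so has use_authtok but no earlier module supplies the new password"
# type, control (plain keyword or [bracketed] form), module, remaining arguments
RULE = re.compile(r"-?password\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def password_stack(text):
    """Return the active 'password' rules as (control, module, args), in file order."""
    rules = []
    for line in text.splitlines():
        # Everything after '#' is a comment, so a commented-out rule disappears here.
        m = RULE.match(line.split("#", 1)[0].strip())
        if m:
            rules.append((m.group(1), os.path.basename(m.group(2)), m.group(3).split()))
    return rules

def audit(text):
    """Return a list of findings for one PAM configuration file's contents."""
    findings, stack = [], password_stack(text)
    for position, (_, module, args) in enumerate(stack):
        # use_authtok makes pam_unix take the new password from an earlier module.
        if module == "pam_unix.so" and "use_authtok" in args and position == 0:
            findings.append(ORPHAN_AUTHTOK)
    if not any(module in QUALITY_MODULES for _, module, _ in stack):
        findings.append(NO_QUALITY)
    return findings

# The two versions shown in the post.
ORIGINAL = """password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
"""
EDITED = """#password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass
"""
# Constructed sample: cracklib commented out but use_authtok left in place.
HALF_EDITED = """#password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
"""

if __name__ == "__main__":
    for name, sample in (("original", ORIGINAL), ("edited", EDITED), ("half-edited", HALF_EDITED)):
        print(name, audit(sample) or "ok")
```

Run against the real /etc/pam.d/system-auth on hosts that are reachable from a network, a NO_QUALITY finding means the change from this post has been made somewhere it should not have been.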