Instead of deleting a user account in Ubuntu , it is possible to manually disable it (lock it) or unlock it.
If an account is locked or disabled and someone tries to access it , the following message will show up :”This account is currently not available.”
Locking a user account
In order to lock a user account, type in the following command:
sudo passwd -l the_user_name
To unlock a user account, type in:
sudo passwd -u the_user_name
In order to secure user accounts a strong password is required. There is a module in PAM (Pluggable Authentication Modules) called the ‘pam_cracklib‘ that helps achieve this high level of authentication security by forcing the user to implement a complex or a strong password.
To install ‘pam_cracklib‘ , proceed as follows :
sudo apt install libpam-cracklib
Now for the configuration , you will need to edit the file /etc/pam.d/common-password : type in :
sudo cp /etc/pam.d/common-password /root/
sudo nano /etc/pam.d/common-password
In order now to force users to utilize strong passwords ( contain special characters , uppercase, lowercase and digits as well as punctuation) . look up the line below :
password requisite pam_cracklib.so retry=3 minlen=8 difok=3
And change it as follows :
password requisite pam_cracklib.so retry=3 minlen=16 difok=3 ucredit=-1 lcredit=-2 dcredit=-2 ocredit=-2
- retry=3 : The user is prompted at most 3 times before an error is returned. The default is 1.
- minlen=16 : The minimum new password size.
- difok=3 : Defines the number of character changes between the new password and the old one..
- ucredit=-1 : The new password must contain at least one uppercase character.
- lcredit=-2 : The new password must have at least two lowercase characters.
- dcredit=-2 : The new password must have at least two digits.
- ocredit=-2 : The new password must have at least two symbols.