How to disable user accounts and enhance password authentication in Ubuntu

Instead of deleting a user account in Ubuntu , it is possible to manually disable it (lock it) or unlock it.
If an account is locked or disabled and someone tries to access it , the following message will show up :”This account is currently not available.”

Locking a user account

In order to lock a user account, type in the following command:

sudo passwd -l the_user_name

To unlock a user account, type in:

sudo passwd -u the_user_name

Password strengthening

In order to secure user accounts a strong password is required. There is a module in PAM (Pluggable Authentication Modules) called the ‘pam_cracklib‘ that helps achieve this high level of authentication security by forcing the user to implement a complex or a strong password.

To install ‘pam_cracklib‘ , proceed as follows :

sudo apt install libpam-cracklib

Now for the configuration , you will need to edit the file /etc/pam.d/common-password : type in :

sudo cp /etc/pam.d/common-password /root/

sudo nano /etc/pam.d/common-password

In order now to force users to utilize strong passwords ( contain special characters , uppercase, lowercase and digits as well as punctuation) . look up the line below :

password requisite pam_cracklib.so retry=3 minlen=8 difok=3

And change it as follows :

password requisite pam_cracklib.so retry=3 minlen=16 difok=3 ucredit=-1 lcredit=-2 dcredit=-2 ocredit=-2

Where,

  • retry=3 : The user is prompted at most 3 times before an error is returned. The default is 1.
  • minlen=16 : The minimum new password size.
  • difok=3 : Defines the number of character changes between the new password and the old one..
  • ucredit=-1 : The new password must contain at least one uppercase character.
  • lcredit=-2 : The new password must have at least two lowercase characters.
  • dcredit=-2 : The new password must have at least two digits.
  • ocredit=-2 : The new password must have at least two symbols.

amin nahdy

Amin Nahdy, an aspiring software engineer and a computer geek by nature as well as an avid Ubuntu and open source user. He is interested in information technology especially Linux based ecosystem as well as Windows and MacOS. He loves to share and disseminate knowledge to others in a transparent and responsible way.

Leave a Reply

Close Menu