How to set a short password on Ubuntu?
Why do you want to set a short password? That is not safe. Try changing the password from the root account if you are forced to do so.
@karthick87 because my home computer is not Fort Knox. If strangers are messing with my desktop then I have bigger concerns than my computer.
@karthick87 Why a short password? Ubuntu might run as a virtual machine, and if your virtualization software lacks copy and paste functionality for the command line of Linux guests (as Parallels Desktop for Mac 8.0 does), then you want to access Ubuntu with a short password, or even better without a password at all.
@karthick87 Fixing the parameters of what a password should be like makes a password easier to guess and therefore less secure.
Use the following command in Terminal:
Replace with the username whose password you wish to change.
This works because passwd suppresses all checks for length or entropy when you use it as the root user.
Warning: if the target user has an encrypted home directory, this will cause problems! (see comments below)
This works fine for me. I’m able to set a user’s password to a using this method, on an Ubuntu 12.04 LTS system.
This will cause problems when you have an encrypted home directory, as it breaks the automatic decryption of the ecryptfs passphrase.
@guntbert is right: Forcing the password this way the user won’t be able to login again if his/her home directory is encrypted, so this is not the right solution in these cases.
Be aware that this doesn’t update the gnome keyring, which leads to an error like «The password for the gnome keyring is not the same as the login password.»
By default, Ubuntu requires a minimum password length of 6 characters, as well as some basic entropy checks. These values are controlled in the file /etc/pam.d/common-password, which is outlined below.
password [success=2 default=ignore] pam_unix.so obscure sha512
If you would like to adjust the minimum length to 4 characters, add the appropriate variable (minlen=4) to the end of the line. The modification is outlined below.
password [success=2 default=ignore] pam_unix.so obscure sha512 minlen=4
I couldn’t get min= to work and it doesn’t match the man page, despite the Wiki page. Seems to be minlen=
Bring up a terminal and edit /etc/pam.d/common-password
password [success=1 default=ignore] pam_unix.so obscure sha512
password [success=1 default=ignore] pam_unix.so obscure sha512 minlen=4
Passwords also need a certain amount of complexity, as specified by the obscure parameter above.
password [success=1 default=ignore] pam_unix.so minlen=2 sha512
This all presupposes that you think this is wise.
In Ubuntu 18.04 none of other solutions worked for me. I had to replace both of these lines:
password requisite pam_cracklib.so retry=3 minlen=8 difok=3 dcredit=-1 enforce_for_root lcredit=-1 ocredit=-1 reject_username ucredit=-1
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
in /etc/pam.d/common-password with:
password [success=1 default=ignore] pam_unix.so minlen=2 sha512
These changes let me change my password easily, and after changing the password I restored the file to its original form.
To set up a simple password, I tried the simple sudo passwd username method, but it failed on my Ubuntu Server 12.04 LTS.
So I tried to remove the obscure option from /etc/pam.d/common-passwd config file, but it still failed.
So I also removed the obscure option from /usr/share/pam-configs/unix config file. And then it worked 🙂
I do agree that it should be simpler, when acting as su, to set up a weak password, whatever the reason why one wants to do it! A warning saying «weak password, confirm?» would be perfect.
Narrow minded people have given negative votes on this excellent answer. The reference to «obscure» in /usr/share/pam-configs/unix is very important and relevant to some situations. Just because it doesn’t work for you doesn’t mean it’s not a good answer. Lighten up on the negative votes guys and welcome someone with a viewpoint that’s different than yours! You might be better informed at the end of the day.
In support of user171987’s answer read the page at wiki.ubuntu.com/PAMConfigFrameworkSpec#config_file_format . It shows how the PAM configuration works and explains the profiles and their usage. The folder pam-configs holds various configurations and «unix» is just one of them.
On Ubuntu 18, it looks like it’s sufficient to simply remove the ‘obscure’ option from /etc/pam.d/common-passwd — there’s no need to overly complicate things by also editing /usr/share/pam-configs/unix
Worked for me in 20.04 Server, thank you. I removed obscure and added minlen=1 , both actions were required.
This can be done with PAM pwdfile module.
The way described here changes only the desktop login (lightdm service), but can be applied to other services as well if you wish.
Also, this allows you to have your original strong password for «sudo», while maintaining a fairly easy way to login to Ubuntu desktop.
Commands can be issued in the terminal program.
Installing the software
First, we install a software package named libpam-pwdfile :
sudo apt-get install libpam-pwdfile
Creating the user-password file
We will then create the user/password file. You will be prompted to enter a new PIN password. Your password will be encrypted and saved to a file named passwd.like
pinpass=$(mkpasswd -5)
echo "$pinpass" | sudo tee /etc/passwd.like
Alternatively, you may use: openssl passwd -1 yourpinpasswordhere and create a file named /etc/passwd.like and that password.
Setting up the desktop login service
The next step is to prepare the desktop login service to accept the PIN password before other password procedures. I’ve mentioned already the name of the desktop login service, lightdm .
If you don’t have this file, then your desktop (login) service is a different one, and you should find your desktop manager before going further. As explained before, this guide is for Ubuntu 16.04 but can be used for other login services as well.
It could be useful if you also create a backup:
sudo cp /etc/pam.d/lightdm /etc/pam.d/lightdm.backup
Now, you may edit the file using nano or gedit or any other text editor:
sudo gedit /etc/pam.d/lightdm
At the top of the file mine had:
#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
I have modified it like so:
#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
auth required pam_pwdfile.so pwdfile=/etc/passwd.like
auth required pam_permit.so
#@include common-auth
Save the file and close your text editor.
You should be able to use the PIN password you set. By following this guide, the PIN password is only used for the desktop login service, not for the password of sudo commands.
How to change/disable password complexity test when changing password?
I know that it is a «bad» idea, I know that it is not secure, I know. I searched the net for an answer and all I saw was whining that it’s not good. But I like using Linux because it lets me make the system I want and like to use. The end of intro. I try to change password:
user:~% passwd
Changing password for user.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
You must choose a longer password
If I try sudo passwd user then I can set any password I want, so I don’t need password complexity checks for passwd on my system. After googling I’ve found that there should be a PAM module, pam_cracklib, that tests passwords for complexity and can be configured. But my PAM password settings don’t include pam_cracklib:
% cat /etc/pam.d/passwd | grep '^[^#]'
@include common-password
% cat /etc/pam.d/common-password | grep '^[^#]'
password [success=1 default=ignore] pam_unix.so obscure sha512
password requisite pam_deny.so
password required pam_permit.so
password optional pam_gnome_keyring.so
I guess that pam_unix makes this test. Oops. Guys, the moment I finished writing this sentence I had an enlightenment and typed man pam_unix in the terminal, where I found the needed options for the pam_unix module. I just removed the option obscure and added minlen=1 and now I’m happy. So now I have this line in /etc/pam.d/common-password :
password [success=1 default=ignore] pam_unix.so minlen=1 sha512
and I can set any password. I decided to keep this post for people who might need this solution also.
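An added example (not part of any post above, and not Ubuntu's own tooling): a small Python audit that parses PAM files and reports the changes discussed in these posts, namely a removed obscure option, a lowered minlen, or a login stack that uses pam_pwdfile without common-auth, so that a temporary edit can be confirmed as reverted. The function names and sample strings are assumptions made for illustration; the samples are constructed from the configuration lines quoted on this page.

```python
import re
# One PAM rule: type, control (plain word or [bracketed]), module, arguments.
RULE = re.compile(r"^-?(auth|account|password|session)\s+"
                  r"(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return (rules, includes) for the active (uncommented) lines of a PAM file."""
    rules, includes = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        parts = line.split()
        if len(parts) == 2 and parts[0] == "@include":
            includes.append(parts[1])
            continue
        m = RULE.match(line)
        if m:
            ptype, control, module, rest = m.groups()
            args = dict(tok.partition("=")[::2] for tok in rest.split())
            rules.append((ptype, control, module.rsplit("/", 1)[-1], args))
    return rules, includes

def audit_pam(text, min_len=6):
    """List deviations from the stock policy (6 is the default length the page states)."""
    rules, includes = parse_pam(text)
    findings = []
    for ptype, _control, module, args in rules:
        if ptype == "password" and module == "pam_unix.so":
            if "obscure" not in args:
                findings.append("pam_unix: 'obscure' checks removed")
            if args.get("minlen", "").isdigit() and int(args["minlen"]) < min_len:
                findings.append(f"pam_unix: minlen={args['minlen']} is below {min_len}")
        if ptype == "auth" and module == "pam_pwdfile.so":
            findings.append(f"auth: separate credential file {args.get('pwdfile', '?')}")
            if "common-auth" not in includes:
                findings.append("auth: common-auth is not included")
    return findings

# Constructed samples, copied from the configuration lines quoted on this page.
STOCK = "password [success=1 default=ignore] pam_unix.so obscure sha512\n"
WEAKENED = "password [success=1 default=ignore] pam_unix.so minlen=1 sha512\n"
LIGHTDM = """#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
auth required pam_pwdfile.so pwdfile=/etc/passwd.like
auth required pam_permit.so
#@include common-auth
"""
if __name__ == "__main__":
    print(audit_pam(STOCK), audit_pam(WEAKENED), audit_pam(LIGHTDM), sep="\n")
```

To check a live system, pass the contents of /etc/pam.d/common-password or /etc/pam.d/lightdm to audit_pam.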