Should I use PAM for usermin password changes?

Hi, I’d like to enforce secure passwords on my system. PAM is configured to check passwords using cracklib.

Usermin has an option to use PAM for changing the password, too. It works as expected, but I loose the ability to read the password as clear text in virtualmin. That works only when I use the standard usermin script /usr/share/webmin/virtual-server/ (which does not use PAM).

Is there any way to enforce all PAM constraints for passwords, while still maintaining compatibility with virtualmin’s “show password” functionality?




While I’m not sure how to enforce all the specific constraints that PAM offers, the Usermin config does give you some control over what kind of password will be accepted.

In Webmin -> Webmin -> Usermin Configuration -> Usermin Module Configuration -> Change Password, you can select options such as:

  1. Minimum password length

  2. Prevent dictionary word passwords

  3. Perl regexp to check password against

  4. Prevent passwords containing username

  5. Password must be different from old

You can even select an external password checking program.

Are there additional options you’d like to see?