The rule of user password is not clear. #1

Open
shannonliang312 opened this issue May 31, 2019 · 1 comment

Comments

@shannonliang312

Hello:
Through '/redfish/v1/AccountService', we can get the 'MaxPasswordLength' and 'MinPasswordLength' of the user password, but no other restrictions.
When creating/editing a user from the WEBUI, some passwords which match the length rule, like '1234abcd', '11111abc', '12345678a', still get an "invalid password" error message from the backend.
In /etc/pam.d/common-password, I found some PAM modules, and there are some limitations on the user password.

```
password	[success=ok default=die]	pam_ipmicheck.so spec_grp_name=ipmi
password	[success=ok default=die]	pam_cracklib.so debug enforce_for_root reject_username minlen=8 difok=0 use_authtok
password	[success=ok ignore=ignore default=die]	pam_pwhistory.so debug enforce_for_root remember=0 use_authtok
password	[success=ok default=die]	pam_unix.so sha512 use_authtok
password	[success=1 default=die] 	pam_ipmisave.so spec_grp_name=ipmi spec_pass_file=/etc/ipmi_pass key_file=/etc/key_file
password	requisite			pam_deny.so
password	required			pam_permit.so
```

But none of them could explain why the passwords mentioned above are invalid.
So I want to know where to find the definition of the user password rules.
THANKS! (Please forgive my poor English.)

@rthomaiy

rthomaiy commented Dec 4, 2019

pam_cracklib is used to check the password strength before accepting it. Passwords must not conform to dictionary words, palindromes, etc. Please refer to pam_cracklib for more details on what is allowed.
Currently we restrict the password length to at least 8 characters (note: we have not changed the default OpenBMC password, but you will not be able to set this password again for root after updating the password).

I also see your reasoning. I guess we need to document certain OpenBMC package default restrictions in some document (say a default configuration & settings / specification document), as this can be changed by anyone; we don't want to capture it in the architecture document.
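To make the answer above concrete, here is an added example (not OpenBMC's, PAM's or cracklib's own code): a small Python re-implementation of the cracklib heuristics that reject passwords which already satisfy minlen=8. It assumes cracklib's thresholds MINDIFF=5 (distinct characters) and MAXSTEP=4 (adjacent +/-1 steps such as '1234' or 'abcd'), mirrors cracklib's rejection wording, and uses a constructed three-word list in place of the real dictionary.

```python
from typing import Optional

# Assumed to match cracklib's fascist.c constants (not taken from the page).
MINDIFF = 5   # minimum number of distinct characters
MAXSTEP = 4   # max count of adjacent characters that differ by exactly 1
MINLEN = 8    # from the page's pam_cracklib line: minlen=8
WORDS = {"password", "welcome", "openbmc"}   # constructed stand-in dictionary


def too_few_distinct(pw: str) -> bool:
    """'11111abc' has only four distinct characters: 1, a, b, c."""
    return len(set(pw)) < MINDIFF


def too_simplistic(pw: str) -> bool:
    """Count neighbours whose code points differ by exactly 1 ('12', 'ab', 'cb').
    cracklib calls the password 'too simplistic/systematic' above MAXSTEP."""
    steps = sum(1 for a, b in zip(pw, pw[1:]) if abs(ord(a) - ord(b)) == 1)
    return steps > MAXSTEP


def is_palindrome(pw: str) -> bool:
    return len(pw) > 1 and pw == pw[::-1]


def based_on_word(pw: str) -> bool:
    """Forward or reversed dictionary word embedded in the password."""
    low = pw.lower()
    return any(w in low or w in low[::-1] for w in WORDS)


def check_password(pw: str, username: str = "") -> Optional[str]:
    """Return the first reason the password would be rejected, or None."""
    if len(pw) < MINLEN:
        return "it is too short"
    if username and username.lower() in pw.lower():
        return "it is based on your username"      # pam_cracklib reject_username
    if is_palindrome(pw):
        return "it is a palindrome"
    if too_few_distinct(pw):
        return "it does not contain enough DIFFERENT characters"
    if too_simplistic(pw):
        return "it is too simplistic/systematic"
    if based_on_word(pw):
        return "it is based on a dictionary word"
    return None


if __name__ == "__main__":
    for pw in ("1234abcd", "11111abc", "12345678a", "Tk7!rq9Lw"):
        print(f"{pw!r}: {check_password(pw) or 'accepted'}")
```

Running it on the three passwords from the issue shows two of them tripping the sequential-step check and one the distinct-character check, which is why a length-only rule in AccountService cannot explain the rejections.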
