Swif’s Linux Password Policy lets administrators enforce secure password requirements for Linux endpoints. You can set rules such as minimum length, required character classes, and even check passwords against a local dictionary of commonly used or easily guessed words.
1. Accessing the Policy Creation Screen
In the Swif Admin Console, navigate to Device Management → Policy.
Click Create New Policy (or Edit an existing policy).
Under Basic Configurations, select Linux Password Policy.
You should now see fields similar to the screenshot below.
2. Configurable Fields
Below are some of the key fields you can set for a Linux Password Policy in Swif:
Policy Name
A custom name to identify this particular policy.Minimum Length
The minimum number of characters a password must have.Min Digits
The minimum number of digits (0-9).Min Upper Case
The minimum number of uppercase letters (A-Z).Min Lower Case
The minimum number of lowercase letters (a-z).Min Special Characters
The minimum number of special symbols (e.g.,!@#$%^&*()
).Max Different Characters from Previous Password
Ensures that the new password is sufficiently different from the old one.Minimum Character Classes
Requires the password to use a certain number of character types (digits, uppercase, lowercase, symbols).Max Consecutive Repeat
Limits how many times the same character can appear in a row (e.g., “aaa” might be disallowed).Max Class Repeat
Limits how many times characters from the same class (digits, uppercase, lowercase, or special characters) can appear sequentially.Check GEOCS
Checks for any of your personal identifiers (like name or email) within the password and discourages using them.Check Dictionary
If true, the new password is compared against a specified dictionary file to block commonly used or guessed passwords.Dictionary Path
Where on the local Linux system the dictionary file is located (e.g.,/usr/share/dict/words
).
Check Username
Ensures that the password does not contain a substring of the username.Username Substring: The number of characters from the username to disallow in the password.
Retry Limit
The maximum number of retry attempts allowed before locking the account.Enforce for Root Users
Whether the same password policy applies to the root account.Maximum Days
The maximum number of days a password can be used before it requires a change.Minimum Days
The minimum number of days required before a password can be changed again.Warn Age Days
The number of days before a password expires that the user is warned.Apply Password Aging to Root User
Whether the maximum, minimum, and warn age days also apply to root.Remember Previous Passwords
If enabled, it prevents users from reusing recent passwords.
3. Important Notice About Dictionary Checks
When Check Dictionary is set to true, Swif enforces a password check against a dictionary file on the Linux machine.
Dictionary Path defaults to something like
/usr/share/dict/words
but may vary by distribution.If the specified dictionary file is missing or not installed on the device, the password validation will fail, and users will see an error message:
BAD PASSWORD: The password fails the dictionary check - error loading dictionary
Preventing a Dictionary Error
Use a Valid Path
Make sure you specify the correct path to a dictionary file that actually exists on the device. For example, many Ubuntu and Debian-based systems use/usr/share/dict/words
.Install the Dictionary Package
On some Linux distributions, you may need to install a dictionary package. For Ubuntu or Debian-based systems:sudo apt-get update sudo apt-get install wamerican
Or, for other locales, replace
wamerican
with a relevant dictionary package (e.g.,wbritish
,wcanadian
, etc.).Point Swif to the Correct File
In the Dictionary Path field, confirm that it matches the location where your dictionary is installed.
If the dictionary check cannot load the file, all password changes will fail on the device until either the dictionary is provided or the check is disabled.
4. Applying the Policy to Devices
After configuring your policy, click Continue at the bottom of the Basic Configurations screen.
Select which devices or device groups you want to apply the policy to.
Review your settings, then click Save (or Apply).
Once saved, Swif will push the new password requirements to the specified Linux machines. All users (including root, if enabled) must meet these rules when setting or changing their passwords.
5. Common Troubleshooting Tips
User Sees “BAD PASSWORD: …” Error
Verify the dictionary path is correct and that the dictionary file exists.
Confirm the user’s password meets the other requirements (length, digits, uppercase, etc.).
Policy Not Applying
Ensure the device is enrolled and visible in your Swif admin console.
Check that the policy is assigned to the correct device group or hostname.
Root Account Not Enforced
Confirm you checked Enforce for Root Users and Apply Password Aging to Root User in the policy.
6. Contact Swif Support
If you have further questions or encounter persistent issues, please contact Swif Support. We’re happy to help ensure your Linux devices are both secure and user-friendly.
By following these steps and verifying your dictionary settings, you can prevent password-check errors on your Linux devices while enforcing strong password requirements for your organization.