Skip to main content
All CollectionsDevice ManagementPolicy management
Configuring the Linux Password Policy in Swif
Configuring the Linux Password Policy in Swif
Updated this week

Swif’s Linux Password Policy lets administrators enforce secure password requirements for Linux endpoints. You can set rules such as minimum length, required character classes, and even check passwords against a local dictionary of commonly used or easily guessed words.

1. Accessing the Policy Creation Screen

  1. In the Swif Admin Console, navigate to Device ManagementPolicy.

  2. Click Create New Policy (or Edit an existing policy).

  3. Under Basic Configurations, select Linux Password Policy.

You should now see fields similar to the screenshot below.


2. Configurable Fields

Below are some of the key fields you can set for a Linux Password Policy in Swif:

  • Policy Name
    A custom name to identify this particular policy.

  • Minimum Length
    The minimum number of characters a password must have.

  • Min Digits
    The minimum number of digits (0-9).

  • Min Upper Case
    The minimum number of uppercase letters (A-Z).

  • Min Lower Case
    The minimum number of lowercase letters (a-z).

  • Min Special Characters
    The minimum number of special symbols (e.g., !@#$%^&*()).

  • Max Different Characters from Previous Password
    Ensures that the new password is sufficiently different from the old one.

  • Minimum Character Classes
    Requires the password to use a certain number of character types (digits, uppercase, lowercase, symbols).

  • Max Consecutive Repeat
    Limits how many times the same character can appear in a row (e.g., “aaa” might be disallowed).

  • Max Class Repeat
    Limits how many times characters from the same class (digits, uppercase, lowercase, or special characters) can appear sequentially.

  • Check GEOCS
    Checks for any of your personal identifiers (like name or email) within the password and discourages using them.

  • Check Dictionary
    If true, the new password is compared against a specified dictionary file to block commonly used or guessed passwords.

    • Dictionary Path
      Where on the local Linux system the dictionary file is located (e.g., /usr/share/dict/words).

  • Check Username
    Ensures that the password does not contain a substring of the username.

    • Username Substring: The number of characters from the username to disallow in the password.

  • Retry Limit
    The maximum number of retry attempts allowed before locking the account.

  • Enforce for Root Users
    Whether the same password policy applies to the root account.

  • Maximum Days
    The maximum number of days a password can be used before it requires a change.

  • Minimum Days
    The minimum number of days required before a password can be changed again.

  • Warn Age Days
    The number of days before a password expires that the user is warned.

  • Apply Password Aging to Root User
    Whether the maximum, minimum, and warn age days also apply to root.

  • Remember Previous Passwords
    If enabled, it prevents users from reusing recent passwords.


3. Important Notice About Dictionary Checks

When Check Dictionary is set to true, Swif enforces a password check against a dictionary file on the Linux machine.

  • Dictionary Path defaults to something like /usr/share/dict/words but may vary by distribution.

  • If the specified dictionary file is missing or not installed on the device, the password validation will fail, and users will see an error message:

    BAD PASSWORD: The password fails the dictionary check - error loading dictionary

Preventing a Dictionary Error

  1. Use a Valid Path
    Make sure you specify the correct path to a dictionary file that actually exists on the device. For example, many Ubuntu and Debian-based systems use /usr/share/dict/words.

  2. Install the Dictionary Package
    On some Linux distributions, you may need to install a dictionary package. For Ubuntu or Debian-based systems:

    sudo apt-get update sudo apt-get install wamerican

    Or, for other locales, replace wamerican with a relevant dictionary package (e.g., wbritish, wcanadian, etc.).

  3. Point Swif to the Correct File
    In the Dictionary Path field, confirm that it matches the location where your dictionary is installed.

If the dictionary check cannot load the file, all password changes will fail on the device until either the dictionary is provided or the check is disabled.


4. Applying the Policy to Devices

  1. After configuring your policy, click Continue at the bottom of the Basic Configurations screen.

  2. Select which devices or device groups you want to apply the policy to.

  3. Review your settings, then click Save (or Apply).

Once saved, Swif will push the new password requirements to the specified Linux machines. All users (including root, if enabled) must meet these rules when setting or changing their passwords.


5. Common Troubleshooting Tips

  • User Sees “BAD PASSWORD: …” Error

    • Verify the dictionary path is correct and that the dictionary file exists.

    • Confirm the user’s password meets the other requirements (length, digits, uppercase, etc.).

  • Policy Not Applying

    • Ensure the device is enrolled and visible in your Swif admin console.

    • Check that the policy is assigned to the correct device group or hostname.

  • Root Account Not Enforced

    • Confirm you checked Enforce for Root Users and Apply Password Aging to Root User in the policy.


6. Contact Swif Support

If you have further questions or encounter persistent issues, please contact Swif Support. We’re happy to help ensure your Linux devices are both secure and user-friendly.


By following these steps and verifying your dictionary settings, you can prevent password-check errors on your Linux devices while enforcing strong password requirements for your organization.

Did this answer your question?