OK, add minother and minupperalpha. minother will require the user to add a special character, and minupperalpha, as you can guess, needs an upper-case letter.
TEST
As root, create a file, let's call it pdictlst, and make sure only root has read/write permissions.
Add a user's username to the file and save it.
Use the chuser command to set the password dictionary for that user to this file:
chuser dictionlist=/path/to/pdictlst username
As that user, attempt to change the password to the username. You should receive an error:
Passwords must not match words in the dictionary.
IMPLEMENTATION
To enable this system-wide, make a copy of the default dictionary file /usr/share/dict/words. Add all the usernames to this file, then run the following command:
chuser dictionlist=/path/to/words
Now the dictionary password check will check both dictionary words and usernames. If the words file is not installed, I believe it is in the bos.data fileset.
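The step of adding all the usernames to a copy of the words file can be scripted instead of done by hand. The following is an added example, not code from the thread: the function names build_dict and in_dict and the file locations are hypothetical, and it assumes local accounts listed in a passwd-format file (LDAP-only users will not appear there).

```shell
#!/bin/sh
# Added example (not from the original thread): build a password dictionary
# that holds the stock word list plus every local login name.

# build_dict PASSWD_FILE WORDS_FILE OUT_FILE
# Runs in a subshell so the umask change and variables stay local.
build_dict() (
    passwd_file=$1
    words_file=$2
    out_file=$3

    # Refuse to produce a partial dictionary if an input is unreadable.
    [ -r "$passwd_file" ] && [ -r "$words_file" ] || exit 1

    umask 077                      # only the owner may read or write
    tmp="$out_file.new.$$"         # write next to the target, then rename

    {
        # "awk 1" re-emits each line with a newline, so a word list that
        # lacks a final newline cannot fuse with the first username.
        awk 1 "$words_file"
        # Field 1 of a passwd line is the login name; skip comments/blanks.
        awk -F: '$1 != "" && $1 !~ /^#/ { print $1 }' "$passwd_file"
    } | LC_ALL=C sort -u > "$tmp" || { rm -f "$tmp"; exit 1; }

    # Permissions as in the TEST step: read/write for the owner only.
    chmod 600 "$tmp" && mv -f "$tmp" "$out_file"
)

# in_dict WORD DICT_FILE
# True if WORD is present as a whole line (exact match, no regex).
in_dict() {
    grep -Fxq -- "$1" "$2"
}

# Stand-alone use: script.sh /etc/passwd /usr/share/dict/words /path/to/words
if [ "$#" -eq 3 ]; then
    build_dict "$1" "$2" "$3"
fi
```

Run it as root and re-run it (for example from cron) whenever accounts are added, so new usernames reach the dictionary without manual edits.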
Thanks all for these replies. I have checked it and it works. The only thing is that every time we need to enter the user name in this dict file. There are so many users in the system, and applying this to working systems will be hectic. Is there any workaround?
Regarding post 6, I suppose if users are LDAP authenticated, then it is out of the unix system's control, whatever flavour they are. You would need to ensure that, whatever LDAP server you use, the rules can be applied there too.
Exactly. You can use a local password verification mechanism too (in addition, respectively), but usually the ultimate verification is on the LDAP server. In most cases this means some PAM modules, one of which should deny passwords which are equal to user names.
It is also possible to get the user information via LDAP and verify the passwords via Kerberos (actually this is what "Active Directory" does). In this case you need to configure the Kerberos server with the respective rule.