日本综合一区二区|亚洲中文天堂综合|日韩欧美自拍一区|男女精品天堂一区|欧美自拍第6页亚洲成人精品一区|亚洲黄色天堂一区二区成人|超碰91偷拍第一页|日韩av夜夜嗨中文字幕|久久蜜综合视频官网|精美人妻一区二区三区

RELATEED CONSULTING
相關(guān)咨詢
選擇下列產(chǎn)品馬上在線溝通
服務(wù)時間:8:30-17:00
你可能遇到了下面的問題
關(guān)閉右側(cè)工具欄

新聞中心

這里有您想知道的互聯(lián)網(wǎng)營銷解決方案
Linux設(shè)置強制密碼規(guī)則(linux強制密碼)

密碼安全是信息安全的重要組成部分,而強制密碼規(guī)則的設(shè)置則是保障密碼強度的重要措施之一。Linux操作系統(tǒng)在默認的情況下并沒有設(shè)置強制密碼規(guī)則,因此需要手動設(shè)置,以確保密碼的安全性。在本文中,將介紹的步驟和實例。

1. 確認是否安裝Linux-PAM

在進行之前,需要先確認系統(tǒng)是否安裝了Linux-PAM(Pluggable Authentication Modules)。按下列命令確認:

$ rpm -qa | grep pam

如果命令返回結(jié)果中包含“pam”則表示已安裝。如果未安裝,則可以通過以下命令進行安裝:

$ sudo apt-get install libpam-cracklib

2. 修改PAM設(shè)置

一般情況下,PAM的設(shè)置文件為/etc/pam.d/password-auth或/etc/pam.d/common-password??梢酝ㄟ^以下命令打開文件:

$ sudo vi /etc/pam.d/password-auth

$ sudo vi /etc/pam.d/common-password

在打開的文件中找到以下行:

password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=

在該行中添加以下參數(shù):

enforce_for_root minlen=8 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2

參數(shù)介紹:

enforce_for_root:表示該規(guī)則對root用戶也生效(默認只對普通用戶生效);

minlen=8:表示密碼最少為8位(也可以設(shè)置其他值);

ucredit=-2:表示密碼中至少包含2個大寫字母;

lcredit=-2:表示密碼中至少包含2個小寫字母;

dcredit=-2:表示密碼中至少包含2個數(shù)字;

ocredit=-2:表示密碼中至少包含2個特殊字符。

修改后的行應(yīng)該如下所示:

password requisite pam_pwquality.so enforce_for_root minlen=8 ucredit=-2 lcredit=-2 dcredit=-2 ocredit=-2 retry=3 authtok_type=

3. PAM密碼規(guī)則測試

修改后,需要進行一次密碼測試,以確保規(guī)則設(shè)置正確。運行以下命令:

$ passwd

輸入新密碼時,如果不符合規(guī)則,則會顯示一個錯誤消息。如果符合規(guī)則,則會顯示確認消息。

通過以上步驟,成功設(shè)置了Linux強制密碼規(guī)則??梢愿鶕?jù)需要進行調(diào)整,以達到更高的密碼安全級別。

成都網(wǎng)站建設(shè)公司-創(chuàng)新互聯(lián)為您提供網(wǎng)站建設(shè)、網(wǎng)站制作、網(wǎng)頁設(shè)計及定制高端網(wǎng)站建設(shè)服務(wù)!

如何使linux用戶下次登錄強制修改密碼

第二行的意叢姿思是將“agetest”字符燃賣串作為passwd的標準輸入。 該命令相當于 # passwd agetest New unix password: agetest retype New unix password: agetest 也就說這行命令實現(xiàn)無交皮鄭逗互的改密碼,可以運用到腳本中。

linux如何設(shè)置一般用戶密碼必須達到一定強度?還有3月強制更改一次密碼

密碼復(fù)雜度在

# vim /etc/pam.d/system-auth里

找到password requisite pam_cracklib.so在后面可以加 difok=x(要x個不同字符) minlen=x(最小密碼長度) ucredit=-x(最少x個大寫字母) lcredit=-x(最少x個小寫字母) dcredit=-x (最少x個數(shù)字)dictpath=/usr/share/cracklib/pw_dict

時間在

# vim /etc/login.defs

PASS_MAX_DAYS(更大什么時櫻局候過期)

PASS_MIN_DAYS (最小什么事后過期)

PASS_MIN_LEN (密碼最小長度)

PASS_WARN_AGE (警告天數(shù))

我們在使用linux系統(tǒng)設(shè)置密碼的時候,經(jīng)常遇到這樣的問題,系統(tǒng)提示:您的密碼太簡單,或者您的密碼是字典的一部分。那么系統(tǒng)是如何實現(xiàn)對用戶的密碼的復(fù)雜度的檢查的呢?

系統(tǒng)對密襪差碼的控制是有兩部分(我知道的)組成:

1 cracklib

2 login.defs

聲明:login.defs主要是控制密碼的有效期。對密碼進行時間管理。此處不細談

login.defs –shadow password suite configuration

pam_cracklib.so 才是控制密碼復(fù)雜度的關(guān)鍵文件

redhat公司專門開發(fā)了cracklib這個安裝包來判斷密碼的復(fù)雜度

可以rpm -ql cracklib查看

密碼的復(fù)告頌皮雜度的判斷是通過pam模塊控制來實現(xiàn)的,具體的模塊是pam_cracklibpam_cracklib 的參數(shù)介紹:

debug

This option makes the module write information to syslog(3) indicating the behavior of the module (this option does not write password information to the log file).

type=XXX

The default action is for the module to use the following prompts when requesting passwords: “New UNIX password: ” and “Retype UNIX password: “. The default word UNIX can be replaced with this option.

retry=N

Prompt user at most N times before returning with error. The default is 1

difok=N

This argument will change the default of 5 for the number of characters in the new password that must not be present in the old password. In addition, if 1/2 of the characters in the new password are different then the new password will be accepted anyway.

difignore=N

How many characters should the password have before difok will be ignored. The default is 23.

minlen=N

The minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9 which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system. Note that there is a pair of length limits in Cracklib itself, a “way too short” limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to minlen. If you want to allow passwords as short as 5 characters you should not use this module.

dcredit=N

(N >= 0) This is the maximum credit for having digits in the new password. If you have less than or N digits, each digit will count +1 towards meeting the current minlen value. The default for dcredit is 1 which is the recommended value for minlen less than 10.

(N = 0) This is the maximum credit for having upper case letters in the new password. If you have less than or N upper case letters each letter will count +1 towards meeting the current minlen value. The default for ucredit is 1 which is the recommended value for minlen less than 10.

(N > 0) This is the minimum number of upper case letters that must be met for a new password.

lcredit=N

(N >= 0) This is the maximum credit for having lower case letters in the new password. If you have less than or N lower case letters, each letter will count +1 towards meeting the current minlen value. The default for lcredit is 1 which is the recommended value for minlen less than 10.

(N = 0) This is the maximum credit for having other characters in the new password. If you have less than or N other characters, each character will count +1 towards meeting the current minlen value. The default for ocredit is 1 which is the recommended value for minlen less than 10.

(N

use_authtok

This argument is used to force the module to not prompt the user for a new password but use the one provided by the previously stacked password module.

dictpath=/path/to/dict

Path to the cracklib dictionaries.

dictpath=/path/to/dict //注:密碼字典,這個是驗證用戶的密碼是否是字典一部分的關(guān)鍵。

Path to the cracklib dictionaries.

cracklib密碼強度檢測過程

首先檢查密碼是否是字典的一部分,如果不是,則進行下面的檢查

密碼強度檢測過程

These checks are:

Palindrome

Is the new password a palindrome of the old one?

新密碼是否舊密碼的回文

Case Change Only

Is the new password the the old one with only a change of case?

新密碼是否只是就密碼改變了大小寫

Similar

Is the new password too much like the old one?

新密碼是否和舊密碼很相似

This is primarily controlled by one argument, difok which is a number of characters that if different between the old and new are enough to accept the new password, this defaults to 10 or 1/2 the size of the new password whichever is aller.

To avoid the lockup associated with trying to change a long and complicated password, difignore is available. This argument can be used to specify the minimum length a new password needs to be before the difok value is ignored. The default value for difignore is 23.

Simple

Is the new password too all?

新密碼是否太短

This is controlled by 5 arguments minlen, dcredit, ucredit, lcredit, and ocredit. See the section on the arguments for the details of how these work and there defaults.

Rotated

Is the new password a rotated version of the old password?

新密碼的字符是否是舊密碼字符的一個循環(huán)

例如舊密碼:123

新密碼:231

Already used

Was the password used in the past?

這個密碼以前是否使用過

Previously used passwords are to be found in /etc/security/opasswd.

那么系統(tǒng)是如何實現(xiàn)這個控制的呢?

在系統(tǒng)的配置文件/etc/pam.d/system-auth 中有這樣一行

password requisite pam_cracklib.so try_first_pass retry=3

我們可以根據(jù)pam_cracklib的參數(shù)這樣配置這個pam模塊來達到我們想要的目的

關(guān)于linux 強制密碼的介紹到此就結(jié)束了,不知道你從中找到你需要的信息了嗎 ?如果你還想了解更多這方面的信息,記得收藏關(guān)注本站。

創(chuàng)新互聯(lián)(cdcxhl.com)提供穩(wěn)定的云服務(wù)器,香港云服務(wù)器,BGP云服務(wù)器,雙線云服務(wù)器,高防云服務(wù)器,成都云服務(wù)器,服務(wù)器托管。精選鉅惠,歡迎咨詢:028-86922220。


文章標題:Linux設(shè)置強制密碼規(guī)則(linux強制密碼)
網(wǎng)頁鏈接:http://www.dlmjj.cn/article/cdpcpph.html