1. Preparation

Install PAM's cracklib module, which provides additional password-checking capability.

Debian, Ubuntu, or Linux Mint systems:

    $ sudo apt-get install libpam-cracklib

On CentOS, Fedora, and RHEL systems the cracklib PAM module is installed by default, so there is no need to perform the above operation on those systems.
Note: Password policies in this tutorial are valid only for non-root users and are not valid for root users.

2. Prohibit reuse of old passwords

Find the line containing both "password" and "pam_unix.so" and append "remember=5" to it. This prevents reuse of the last 5 passwords (previously used passwords are saved in /etc/security/opasswd).

Debian, Ubuntu, or Linux Mint systems:

    $ sudo vi /etc/pam.d/common-password

    password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5

CentOS, Fedora, RHEL systems:

    $ sudo vi /etc/pam.d/system-auth

    password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5

3. Set the minimum password length

Find the line containing both "password" and "pam_cracklib.so" and append "minlen=10" to it. This sets the minimum password length to (10 - number of types), where "number of types" is the number of different character types used in the password. PAM recognizes 4 types of characters in passwords (uppercase, lowercase, digits, and punctuation).
If your password uses all 4 types of characters and minlen is set to 10, the shortest password allowed is 6 characters.

Debian, Ubuntu, or Linux Mint systems:

    $ sudo vi /etc/pam.d/common-password

    password requisite pam_cracklib.so retry=3 minlen=10 difok=3

CentOS, Fedora, RHEL systems:

    $ sudo vi /etc/pam.d/system-auth

    password requisite pam_cracklib.so retry=3 difok=3 minlen=10

4. Set password complexity

Find the line containing both "password" and "pam_cracklib.so" and append "ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1" to it. This requires the password to contain at least one uppercase letter (ucredit), two lowercase letters (lcredit), one digit (dcredit), and one punctuation mark (ocredit).

Debian, Ubuntu, or Linux Mint systems:

    $ sudo vi /etc/pam.d/common-password

    password requisite pam_cracklib.so retry=3 minlen=10 difok=3 ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1

CentOS, Fedora, RHEL systems:

    $ sudo vi /etc/pam.d/system-auth

    password requisite pam_cracklib.so retry=3 difok=3 minlen=10 ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1

5. Set the password expiration time

Edit the /etc/login.defs file to set the expiration period for passwords. The relevant variables are as follows:

    $ sudo vi /etc/login.defs

    PASS_MAX_DAYS
    PASS_MIN_DAYS   0
    PASS_WARN_AGE   7

These settings require users to change their password every 6 months, and warn the user 7 days before the password expires.

If you want to set a different password age for each user, use the chage command. The following command shows a user's password aging information:

    $ sudo chage -l xmodulo

    Last password change                                    : Dec 2013
    Password expires                                        : never
    Password inactive                                       : never
    Account expires                                         : never
    Minimum number of days between password change          : 0
    Maximum number of days between password change          : 99999
    Number of days of warning before password expires       : 7

By default, a user's password never expires.

The following command modifies the password aging settings for the user xmodulo:

    $ sudo chage -E 6/30/2014 -m 5 -M 90 -I 30 -W 14 xmodulo

The above command sets the expiration date to 6/30/2014. In addition, the minimum period between password changes is 5 days and the maximum period is 90 days. A warning is sent to the user 14 days before the password expires, and the account is locked 30 days after the password expires.
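The minlen and credit rules described above interact: once the credits are negative, they no longer shorten the required length. The following is an added example, not part of the original tutorial and not pam_cracklib's own code. It is a simplified model of the documented minlen/credit rule only (dictionary, difok and other checks are not modelled), and the sample passwords are constructed.

```python
import string

# Defaults as documented in pam_cracklib(8): minlen=9, each credit=1.
DEFAULTS = {"minlen": 9, "dcredit": 1, "ucredit": 1, "lcredit": 1, "ocredit": 1}

def parse_opts(pam_line):
    """Pick the minlen/credit options out of a pam_cracklib config line."""
    opts = dict(DEFAULTS)
    for tok in pam_line.split():
        key, sep, val = tok.partition("=")
        if sep and key in opts:
            opts[key] = int(val)
    return opts

def length_check(password, opts):
    """Return (ok, reason) for the minlen/credit rule only."""
    counts = {
        "dcredit": sum(c in string.digits for c in password),
        "ucredit": sum(c in string.ascii_uppercase for c in password),
        "lcredit": sum(c in string.ascii_lowercase for c in password),
    }
    counts["ocredit"] = len(password) - sum(counts.values())
    required = opts["minlen"]
    for name, n in counts.items():
        credit = opts[name]
        if credit >= 0:
            # Positive credit: the class earns up to `credit` toward minlen.
            required -= min(n, credit)
        elif n < -credit:
            # Negative credit: hard minimum count, no length credit earned.
            return False, f"{name}: need at least {-credit}, found {n}"
    if len(password) < required:
        return False, f"too short: {len(password)} < {required}"
    return True, "ok"

# The two pam_cracklib lines from the tutorial.
LENGTH_ONLY = "password requisite pam_cracklib.so retry=3 minlen=10 difok=3"
COMPLEXITY = LENGTH_ONLY + " ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1"

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("aB3$xy", "abcdefghi", "aaB3$xyzQw"):
        for label, line in (("length only", LENGTH_ONLY), ("complexity", COMPLEXITY)):
            print(f"{pw!r:14} {label:12} {length_check(pw, parse_opts(line))}")
```

With the complexity line in place, minlen=10 is a true 10-character minimum, because negative credits grant no length reduction.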