How to get rid of Linux password complexity requirements __linux

Source: Internet
Author: User
Tags auth uppercase letter centos linux mint
First, prepare the work installs PAM's Cracklib module, Cracklib can provide the additional password examination ability. Debian, Ubuntu, or Linux Mint systems: 1 $ sudo apt-get install libpam-cracklib CentOS, Fedora, RHEL system has been installed by default Cracklib PAM module, so in this
There is no need to perform the above operation on some systems.
Note: Password policies in this tutorial are valid only for non-root users and are not valid for root users. Second, prohibit the use of the old password to find the "password" and "pam_unix.so" field and attach a "remember=5" line, it means that the use of the last 5 password (the password will be used to be saved in the/etc/security/
OPASSWD below). Debian, Ubuntu or Linux Mint systems: 1 2 $ sudo vi/etc/pam.d/common-password password [success=1 default=ignore] pam_unix.so o Bscure sha512 remember=5 CentOS, Fedora, RHEL system: 1 2 $ sudo vi/etc/pam.d/system-auth password sufficient pamunix.so the Sha51 2 Shadow Nullok Tryfirstpass Useauthtok remember=5 Three, set the minimum password length find the "password" and "pam_cracklib.so" fields and append "minlen=10" that Line, which indicates that the minimum password length is (10-type quantity). The "Number of types" here represents the number of different character types. PAM provides 4 types of symbols as passwords (uppercase, lowercase, digits, and punctuation).
If your password uses these 4 types of symbols at the same time, and the Minlen is set to 10, the shortest password length allows 6 characters. Debian, Ubuntu, or Linux Mint systems: 1 2 $ sudo vi/etc/pam.d/common-password password requisite pam_cracklib.so retry=3 Minlen =10 difok=3 CentOS, FedorA, RHEL system: 1 2 $ sudo vi/etc/pam.d/system-auth password requisite pam_cracklib.so retry=3 difok=3 minlen=10 Four, set password complexity find The line with "password" and "pam_cracklib.so" fields and a "Ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1" is appended, which indicates that the password must contain at least one uppercase letter (Ucredit)
, two lowercase letters (lcredit), a number (Dcredit), and a punctuation mark (ocredit). Debian, Ubuntu, or Linux Mint systems: 1 2 $ sudo vi/etc/pam.d/common-password password requisite pam_cracklib.so retry=3 Minlen =10 difok=3 ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1 CentOS, Fedora, RHEL system: 1 2 $ sudo vi/etc/pam.d/system-auth PASSW Ord requisite pam_cracklib.so retry=3 difok=3 minlen=10 ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1 v. Setting password expiration time edit/etc/log In.defs file, you can set the current password expiration, the specific variables are as follows: 1 2 $ sudo vi/etc/login.defs passmaxdays passmindays 0 passwarnage 7 These settings require users to change every 6 months
Change their password and will alert the user 7 days in advance that the password is coming to an expiration date. If you want to set a different password age for each user, use the chage command. The following command can view a user's password period: $ sudo chage-l xmodulo last password change:dec 2013 password expires:never E:never account Expires:never Minimum nuMber between password change:0 Maximum number of days between password change:99999 number of days of Warnin
G before password expires:7 the user's password will never expire by default. The following command is used to modify the password period for Xmodulo users: 1 $ sudo chage-e 6/30/2014-m 5-m 90-i 30-w The above command will have the password period set to June 3, 2014. In addition, the minimum period for modifying a password is 5 days, and the maximum period is 90 days. 14 days before the password expires, a message is sent to alert the user that the expired account number will be locked for 30 days.
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.