In-depth analysis of the application of PAM in password protection

Source: Internet
Author: User
Tags: md5 hash, password protection, strong password
PAM is an implementation of the pluggable authentication modules system, which was initially developed by Sun. It was quickly accepted by the Linux community, which went on to develop more modules. The goal is to provide a set of function libraries that can be used to authenticate user identities, thus separating authentication from application development. Below are some simple examples of PAM in password protection.
The is a PAM module that monitors the number of failed user logins and reacts when the count exceeds a specified value. For example, after a user fails to log in three times, the user's account is locked for a period of time, or locked permanently (or until the user contacts the system administrator). Add the following line to /etc/pam.d/login:
account required /lib/security/ deny=3 no_magic_root
This line configures the to lock the user's account after three consecutive login failures. In this way, an attacker has only three chances to guess the password before being locked out. is the PAM version of the cracklib library written by Alec Muffett, used to check the strength of passwords. It first calls the cracklib routine to test whether the password can be cracked. If the password passes this test, it then performs the following checks:
• Is the new password a palindrome?
• Is the new password a case-insensitive version of the old password?
• Are the new and old passwords very similar?
• Is the password too short?
• Is the new password a rotated version of the old password?
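The checks in the list above, written out as an added example (this is not code from the article or from the PAM module itself). The function names and the thresholds MIN_LEN and MIN_DIFF are assumptions, and the first check is taken to mean a password that reads the same when reversed.

```python
# Added illustration: simplified versions of the checks run on a new password.
# MIN_LEN and MIN_DIFF are assumed values, not settings taken from the article.
MIN_LEN = 10   # assumed minimum length
MIN_DIFF = 5   # assumed number of edits required between old and new


def edit_distance(a, b):
    """Levenshtein distance, used here as the 'very similar' measure."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_rotation(old, new):
    """True if new is old shifted circularly, e.g. 'abcd' -> 'cdab'."""
    return len(old) == len(new) and new in old + old


def check_new_password(old, new):
    """Return the names of the failed checks; an empty list means accepted."""
    failures = []
    if new == new[::-1]:
        failures.append("palindrome")
    if new != old and new.lower() == old.lower():
        failures.append("case change only")
    if edit_distance(old.lower(), new.lower()) < MIN_DIFF:
        failures.append("too similar")
    if len(new) < MIN_LEN:
        failures.append("too short")
    if new != old and is_rotation(old, new):
        failures.append("rotated")
    return failures
```
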
To run these checks on each new password, replace the original module with the following lines in the /etc/pam.d/passwd file:
password required retry=3
password use_authtok md5
In this way, users are given three opportunities to choose a suitably strong password. You can also enforce a minimum password length:
password required retry=3 minlength=10
password use_authtok md5
Force MD5 hash
Some Linux releases use DES hashes by default instead of MD5 hashes. To force all new passwords to be saved as MD5 hashes, simply add md5 to the line of the /etc/pam.d/passwd file:
password use_authtok md5
The following perl code can be used to generate a strong password:
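#!/usr/bin/perl -w
use strict;

# Candidate characters: printable ASCII 33..126 except 92 (backslash)
my @chars = (33 .. 91, 93 .. 126);
my $num_chars = @chars;
my $length;
# Punctuation class; the password must contain at least one of these
my $punct = '!"#$%&\'()*+,-./:;<=>?@[\]^{|}~';

print "Enter number of characters in your password: ";
chomp($length = <STDIN>);
die "Length must be at least 6!\n" if $length <= 5;

# Keep generating until the candidate has a lowercase letter, an
# uppercase letter, a digit and a punctuation character.
# Note: rand() is not a cryptographically secure generator.
while (1) {
    my $password = '';
    foreach (1 .. $length) {
        $password .= chr($chars[int(rand($num_chars))]);
    }
    if ($password =~ /[a-z]/ and $password =~ /[A-Z]/ and
        $password =~ /[0-9]/ and $password =~ /[$punct]/) {
        print $password, "\n";
        last;
    }
}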