Linux (Unix) password policy issues cause root password cannot be modified

Linux(Unix) Password policy issues cause RootPassword cannot Modify

Date: £ º 1034 download number of times : 5

The user modified The password configuration file, causing the root account to change the password when the following error is reported :

Login to FC, find the corresponding machine, VNC landing system

2. After logging into the system, enter the password policy configuration directory

A. If it is a Debian, Ubuntu or Linux Mint System, edit vim/etc/Pamd/common-password

The configuration of the password policy must be displayed in the following order:

B. If it is CentOS, Fedora, RHEL system, edit vim/etc/pam. D/system-auth, the configuration of the password policy must be shown in the following order:

3. Disable the use of the old password

Find the line that has both "password" and "Pam_unix.so" fields attached with "remember=5", which means that the 5 passwords that have been used recently (passwords that have been used will be saved in the/etc/security/ OPASSWD below).

Debian, Ubuntu, or Linux Mint Systems:

vim/etc/Pamd/common-password

Password [success=1 default=ignore] Pam_unix.so obscure sha512 remember=5

CentOS, Fedora, RHEL systems:

vim/etc/Pamd/system-Auth

Password sufficient pamunix.so sha512 shadow Nullok tryfirstpass Useauthtok remember=5

4. Set the minimum password length

Find the line that has both "password" and "Pam_cracklib.so" fields attached with "minlen=10", which indicates that the minimum password length is (Ten - type number). The "Number of types" here represents the number of different character types. PAM provides 4 types of symbols as passwords (uppercase, lowercase letters, numbers, and punctuation marks). If your password uses these 4 types of symbols at the same time, and your minlen is set to 10, the shortest password length allowed is 6 characters.

Debian, Ubuntu, or Linux Mint Systems:

vim/etc/Pamd/common-password

Password requisite Pam_cracklib.so retry=3 minlen=10 difok=3

CentOS, Fedora, RHEL systems:

vim/etc/Pamd/system-Auth

Password requisite Pam_cracklib.so retry=3 difok=3 minlen=10

5. Setting the complexity of the password

Find both "password" and "Pam_cracklib.so" fields and Attach "ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1 "That line, which indicates that the password must contain at least one uppercase letter (ucredit), two lowercase letters (lcredit), a number (Dcredit), and a punctuation mark (ocredit).

Debian, Ubuntu, or Linux Mint Systems:

vim/etc/Pamd/common-password

Password requisite Pam_cracklib.so retry=3 minlen=10 difok=3 ucredit=-1 lcredit=-2 dcredit= -1 ocredit=-1

CentOS, Fedora, RHEL systems:

vim/etc/Pamd/system-Auth

Password requisite Pam_cracklib.so retry=3 difok=3 minlen=10 ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1

6. Set Password expiration period

Vim/etc/login.defs

Users who are unfamiliar with the password policy are advised not to modify the password policy, and if so, do not mistake the order.

Http://www.linuxidc.com/Linux/2013-05/85204.htm

http://blog.csdn.net/xyz846/article/details/26585399

Https://blog.slogra.com/post-137.html

Linux (Unix) password policy issues cause root password cannot be modified