So how does Linux implement password complexity checks for users? In fact, the system's control over passwords consists of two parts:
1. cracklib
2. /etc/login.defs
pam_cracklib.so (/lib/security/pam_cracklib.so) is the key file that controls password complexity; Red Hat specifically developed the cracklib package to judge the complexity of passwords. To see the parameters of pam_cracklib, use the following command:
# man pam_cracklib
Some of the common parameters are:
retry=N
The number of attempts allowed when changing the password; the default value is 1. That is, if the password the user enters is not strong enough, the command exits. Use this option to set the number of attempts so that the user does not have to start again from scratch.
From the man page: Prompt user at most N times before returning with error. The default is 1.

minlen=N
The minimum acceptable length of the new password.
From the man page: The minimum acceptable size for the new password (plus one if credits are not disabled, which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9, which is good for an old style UNIX password all of the same type of character but may be too low to exploit the added security of an MD5 system. Note that there is a pair of length limits in Cracklib itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to minlen. If you want to allow passwords as short as 5 characters you should not use this module.

difok=N
The default value is 10. This parameter sets how many characters of the new password are allowed to be the same as in the old password. However, if 1/2 of the characters in the new password differ from the old password, the new password is accepted.
From the man page: This argument will change the default of 5 for the number of characters in the new password that must not be present in the old password. In addition, if 1/2 of the characters in the new password are different then the new password will be accepted anyway.

dcredit=N
Limits at least how many digits the new password contains.
From the man page: (N >= 0) This is the maximum credit for having digits in the new password. If you have less than or N digits, each digit will count +1 towards meeting the current minlen value. The default for dcredit is 1, which is the recommended value for minlen less than 10. (N < 0) This is the minimum number of digits that must be met for a new password.

ucredit=N
Limits the number of uppercase characters in the new password.

lcredit=N
Limits at least how many lowercase characters the new password contains.
For example, append dcredit=3 ucredit=2 to the pam_cracklib.so line in the password section of /etc/pam.d/system-auth:
password requisite pam_cracklib.so try_first_pass retry=3 dcredit=3 ucredit=2
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
At this point, if a new user's password does not meet the complexity requirements, a "BAD PASSWORD: it is based on a dictionary word" prompt appears.
# passwd TTT
Changing password for user TTT.
BAD PASSWORD: it is based on a dictionary word
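
The minlen/credit arithmetic from the man page excerpt above, worked through for the dcredit=3 ucredit=2 line, as an added example that is not part of the original post or of pam_cracklib's own code. It models only the length and credit rule (no dictionary or difok check); the function names and the STRICT_LINE variant are hypothetical, and a default of 1 for ucredit, lcredit and ocredit is an assumption.

```python
# Added example: models the minlen/credit rule quoted from the man page.
# It does not perform the dictionary or difok checks.
import string

# minlen=9 and dcredit=1 are the defaults stated in the man page excerpt;
# a default of 1 for ucredit/lcredit/ocredit is an assumption.
DEFAULTS = {"minlen": 9, "dcredit": 1, "ucredit": 1, "lcredit": 1, "ocredit": 1}


def parse_options(pam_line):
    """Pull name=N options out of a pam_cracklib line, on top of the defaults."""
    opts = dict(DEFAULTS)
    for token in pam_line.split():
        name, sep, value = token.partition("=")
        if sep and name in opts:
            opts[name] = int(value)
    return opts


def length_check(password, opts):
    """Return (accepted, reason) for the minlen/credit rule only."""
    counts = {
        "dcredit": sum(c in string.digits for c in password),
        "ucredit": sum(c in string.ascii_uppercase for c in password),
        "lcredit": sum(c in string.ascii_lowercase for c in password),
    }
    counts["ocredit"] = len(password) - sum(counts.values())
    required = opts["minlen"]
    for name, have in counts.items():
        n = opts[name]
        if n >= 0:
            required -= min(have, n)  # credit: each char counts +1, capped at N
        elif have < -n:
            return False, f"{name}={n}: needs at least {-n}, found {have}"
    if len(password) < required:
        return False, f"length {len(password)} < {required} after credits"
    return True, "ok"


# The pam_cracklib line from the example above, and a variant with negative values.
PAGE_LINE = "password requisite pam_cracklib.so try_first_pass retry=3 dcredit=3 ucredit=2"
STRICT_LINE = "password requisite pam_cracklib.so try_first_pass retry=3 dcredit=-3 ucredit=-2"
```

With the positive values, an eight-character all-lowercase password passes this rule, because dcredit=3 and ucredit=2 only grant length credit. Negative values (dcredit=-3 ucredit=-2) are what make three digits and two uppercase letters mandatory.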
Reposted from:
Linux account password expiration security policy setting - Xiaoxiang Hermit - Blog Park
http://www.cnblogs.com/kerrycode/p/5600525.html