Linux Password complexity settings pam_pwquality, PAM_PASSWDQC (CENTOS7)
The 1.Linux corresponding password policy modules are: PAM_PASSWDQC and pam_pwquality.
Where the PAM_PASSWDQC module corresponds to the/etc/login.defs,pam_pwquality corresponding to the/etc/security/pwquality.conf
2. How to add modules:/etc/pam.d/passwd
Password Required pam_pwquality.so retry=3
3. There are two ways to configure a module:
(1)/etc/pam.d/system-auth
Password Required pam_pwquality.so dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0
(2)/etc/security/pwquality.conf
Retry=n: Defines the number of retries that can be retried when the login/change password fails, Difok=n: Defining a new password must have several characters different from the old password. However, if the new password hasmore than 1/2 characters and the old password is not the same, the new password will be accepted; Minlen=N: Defines the minimum length of the user's password; dcredit=N: Defines how many digits must be included in a user's password ; Ucredit=N: Defines how many uppercase letters must be included in a user's password; lcredit=N: Defines how many smaller letters must be included in the user's password; ocredit= N: Defines how many special characters must be included in the user's password (except for numbers, letters);
4./etc/login.defs detailed
99999 99999 057 #密码失效前多少天在用户登录时通知用户修改密码SkTj链接: https:// www.jianshu.com/p/3393008e37d9 : The copyright of Jane's book belongs to the author. Commercial reprint please contact the author for authorization, non-commercial reprint please specify the source.
6. Actual production environment configuration
Cat /etc/security/810 4=- 1 =-1=1=-1Difok=5
cat/etc/7 077
Linux Set password complexity and password periodic replacement policy