Linux Set password complexity and password periodic replacement policy

Linux Password complexity settings pam_pwquality, PAM_PASSWDQC (CENTOS7)

The 1.Linux corresponding password policy modules are: PAM_PASSWDQC and pam_pwquality.

Where the PAM_PASSWDQC module corresponds to the/etc/login.defs,pam_pwquality corresponding to the/etc/security/pwquality.conf

2. How to add modules:/etc/pam.d/passwd

Password Required pam_pwquality.so retry=3

3. There are two ways to configure a module:

(1)/etc/pam.d/system-auth

Password Required pam_pwquality.so dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0

(2)/etc/security/pwquality.conf

Retry=n: Defines the number of retries that can be retried when the login/change password fails, Difok=n: Defining a new password must have several characters different from the old password. However, if the new password hasmore than 1/2 characters and the old password is not the same, the new password will be accepted; Minlen=N: Defines the minimum length of the user's password; dcredit=N: Defines how many digits must be included in a user's password ; Ucredit=N: Defines how many uppercase letters must be included in a user's password; lcredit=N: Defines how many smaller letters must be included in the user's password; ocredit= N: Defines how many special characters must be included in the user's password (except for numbers, letters);

4./etc/login.defs detailed

99999 99999  057  #密码失效前多少天在用户登录时通知用户修改密码SkTj链接: https://  www.jianshu.com/p/3393008e37d9 : The copyright of Jane's book belongs to the author. Commercial reprint please contact the author for authorization, non-commercial reprint please specify the source. 

6. Actual production environment configuration

Cat  /etc/security/810 4=- 1  =-1=1=-1Difok=5

 cat/etc/7 077

Linux Set password complexity and password periodic replacement policy