Linux(Unix) Password policy issues cause
RootPassword cannot
Modify
Date: £ º 1034 download number of times : 5
The user modified The password configuration file, causing the root account to change the password when the following error is reported :
Login to FC, find the corresponding machine, VNC landing system
2. After logging into the system, enter the password policy configuration directory
A. If it is a Debian, Ubuntu or Linux Mint System, edit vim/etc/Pamd/common-password
The configuration of the password policy must be displayed in the following order:
B. If it is CentOS, Fedora, RHEL system, edit vim/etc/pam. D/system-auth, the configuration of the password policy must be shown in the following order:
3. Disable the use of the old password
Find the line that has both "password" and "Pam_unix.so" fields attached with "remember=5", which means that the 5 passwords that have been used recently (passwords that have been used will be saved in the/etc/security/ OPASSWD below).
Debian, Ubuntu, or Linux Mint Systems:
vim/etc/Pamd/common-password
Password [success=1 default=ignore] Pam_unix.so obscure sha512 remember=5
CentOS, Fedora, RHEL systems:
vim/etc/Pamd/system-Auth
Password sufficient pamunix.so sha512 shadow Nullok tryfirstpass Useauthtok remember=5
4. Set the minimum password length
Find the line that has both "password" and "Pam_cracklib.so" fields attached with "minlen=10", which indicates that the minimum password length is (Ten - type number). The "Number of types" here represents the number of different character types. PAM provides 4 types of symbols as passwords (uppercase, lowercase letters, numbers, and punctuation marks). If your password uses these 4 types of symbols at the same time, and your minlen is set to 10, the shortest password length allowed is 6 characters.
Debian, Ubuntu, or Linux Mint Systems:
vim/etc/Pamd/common-password
Password requisite Pam_cracklib.so retry=3 minlen=10 difok=3
CentOS, Fedora, RHEL systems:
vim/etc/Pamd/system-Auth
Password requisite Pam_cracklib.so retry=3 difok=3 minlen=10
5. Setting the complexity of the password
Find both "password" and "Pam_cracklib.so" fields and Attach "ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1 "That line, which indicates that the password must contain at least one uppercase letter (ucredit), two lowercase letters (lcredit), a number (Dcredit), and a punctuation mark (ocredit).
Debian, Ubuntu, or Linux Mint Systems:
vim/etc/Pamd/common-password
Password requisite Pam_cracklib.so retry=3 minlen=10 difok=3 ucredit=-1 lcredit=-2 dcredit= -1 ocredit=-1
CentOS, Fedora, RHEL systems:
vim/etc/Pamd/system-Auth
Password requisite Pam_cracklib.so retry=3 difok=3 minlen=10 ucredit=-1 lcredit=-2 dcredit=-1 ocredit=-1
6. Set Password expiration period
Vim/etc/login.defs
Users who are unfamiliar with the password policy are advised not to modify the password policy, and if so, do not mistake the order.
Http://www.linuxidc.com/Linux/2013-05/85204.htm
http://blog.csdn.net/xyz846/article/details/26585399
Https://blog.slogra.com/post-137.html
Linux (Unix) password policy issues cause root password cannot be modified