Linux User Password Policy test



1. Default password policy for ordinary Linux users:

When you change a user's password with passwd, you often see the message "BAD PASSWORD: it is based on a dictionary word". The password checking that Linux applies takes the minimum number of characters from /etc/login.defs and is also constrained by /etc/pam.d/passwd. The root user, however, can set any password and is not bound by these checks: even when "BAD PASSWORD: it is based on a dictionary word" is printed, the change still succeeds.

When an ordinary user changes their own password, a password that does not pass the checks is rejected, with one of several errors:

"BAD PASSWORD: it is WAY too short": the password is too short and does not meet the /etc/login.defs setting;

"BAD PASSWORD: it is based on your username": the password must not be the same as the account name, which violates the /etc/pam.d/passwd settings;

"BAD PASSWORD: it is based on a dictionary word": the password contains a string that appears in the dictionary.


How do you get rid of the restrictions?

1. vi /etc/pam.d/system-auth as root.

2. Look for the following two lines:

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok

3. Comment out the first of the two lines:
#password requisite pam_cracklib.so try_first_pass retry=3

4. Remove use_authtok from the second line. Otherwise you'll get the "passwd: Authentication information cannot be recovered" error.
password sufficient pam_unix.so md5 shadow nullok try_first_pass

5. That's it. Try changing your password again.

If you do only step 3, pam_cracklib.so no longer checks password complexity but use_authtok is still in effect, so nobody can change their password and the following error appears:

passwd: Authentication token manipulation error

With the changes above, password complexity is no longer checked, but ordinary users are still limited by the pam_cracklib minimum password length.

Simple: Is the new password too small? This is controlled by 6 arguments: minlen, maxclassrepeat, dcredit, ucredit, lcredit, and ocredit.


2. Strengthening password security when ordinary users change their passwords:

Modify /etc/pam.d/system-auth:

password requisite pam_cracklib.so try_first_pass retry=3 minlen=8 lcredit=-1 ucredit=-1 ocredit=-1 dcredit=-1 enforce_for_root


Here enforce_for_root makes the policy mandatory for the administrator as well; without it, password changes made by the administrator are unrestricted.

The pam_cracklib.so module has enforce_for_root in the CentOS 6 version; it is not available in version 5, where pam_passwdqc.so can be used instead.


3. Using the pam_passwdqc.so module

          password    requisite  pam_passwdqc.so  enforce=everyone

This sets password security separately, independent of the pam_cracklib module.
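A read-only audit of a password stack for the states described above, added here as an example that is not part of the original article: it flags a missing quality module, use_authtok left in place after pam_cracklib is commented out, non-negative credits, and missing root enforcement. The function names, finding codes and sample stacks are constructed for illustration; an omitted enforce= on pam_passwdqc.so is not flagged.

```python
import re

# Active "password" line: type, control (plain or [bracketed]), module, arguments.
LINE = re.compile(r"^\s*-?password\s+(?:\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$", re.I)
CREDITS = ("lcredit", "ucredit", "ocredit", "dcredit")

def password_stack(text):
    """Return [(module, {option: value})] for uncommented password lines, in order."""
    stack = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0])  # text after '#' is a comment
        if m:
            opts = dict(a.partition("=")[::2] for a in m.group(2).split())
            stack.append((m.group(1).rsplit("/", 1)[-1], opts))
    return stack

def audit(text, min_len=8):
    """Return finding codes (hypothetical names) for the weakened states on this page."""
    findings, quality_seen = [], False
    for module, opts in password_stack(text):
        if module == "pam_cracklib.so":
            quality_seen = True
            if "minlen" in opts and int(opts["minlen"]) < min_len:
                findings.append("MINLEN_TOO_LOW")
            # Negative credit = at least that many characters of the class required.
            findings += [c.upper() + "_NOT_NEGATIVE" for c in CREDITS
                         if int(opts.get(c, "0")) >= 0]
            if "enforce_for_root" not in opts:
                findings.append("ROOT_NOT_ENFORCED")
        elif module == "pam_passwdqc.so":
            quality_seen = True
            if opts.get("enforce", "everyone") != "everyone":
                findings.append("ROOT_NOT_ENFORCED")
        elif module == "pam_unix.so" and "use_authtok" in opts and not quality_seen:
            # Step 3 without step 4: no earlier module supplies the new password.
            findings.append("USE_AUTHTOK_WITHOUT_QUALITY_MODULE")
    if not quality_seen:
        findings.append("NO_QUALITY_MODULE")
    return findings

# Constructed sample stacks (not read from a real host).
UNIX = "password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok\n"
STEP3_ONLY = "#password requisite pam_cracklib.so try_first_pass retry=3\n" + UNIX
HARDENED = ("password requisite pam_cracklib.so try_first_pass retry=3 minlen=8 "
            "lcredit=-1 ucredit=-1 ocredit=-1 dcredit=-1 enforce_for_root\n") + UNIX

if __name__ == "__main__":
    for name, cfg in (("step 3 only", STEP3_ONLY), ("hardened", HARDENED)):
        print(name, "->", audit(cfg) or "no findings")
```

To check a live system, pass the contents of /etc/pam.d/system-auth to audit().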


This article is from the "Autumn Fairy tale" blog, please be sure to keep this source http://wushank.blog.51cto.com/3489095/1662663
