Modifying Linux system user password length and complexity
Previously, the way to change the minimum Linux password length was to modify the PASS_MIN_LEN parameter in the /etc/login.defs file, but as everyone knows, this parameter is not mandatory: users can still set a short password.
To really restrict password complexity, cracklib is needed.
It is generally installed on Red Hat systems; you can check with rpm -qa | grep crack, which generally shows two packages.
The main parameters of Cracklib are:
1. debug
Used for syslog logging.
2. type=abcd
When you change a password, the typical prompt is:
New Linux Password:
Retype Linux Password:
With this parameter the word Linux is replaced with abcd.
3. retry=3
Number of attempts the user is allowed.
4. difok=5
Minimum number of characters in the new password that must differ from the previous password.
5. difignore=3
Ignores several letters before the different characters in the new password.
6. minlen=8
Minimum password length.
7. dcredit=5
Maximum number of digits in the password.
8. ucredit=5
Maximum number of uppercase letters in the password.
9. lcredit=5
Maximum number of lowercase letters in the new password.
10. ocredit=5
Maximum number of special characters in the new password.
11. use_authtok
Use the password in the password dictionary
Cracklib password strength detection process
First check whether the password is in the dictionary; if it is not, continue with the following checks
 |
 |
\|/
Password strength detection process
 |
 |
\|/
Whether the new password is a palindrome of the old password
 |
 |
\|/
Whether the new password is the old password with only the case changed
 |
 |
\|/
Whether the new password is similar to the old password
 |
 |
\|/
Whether the new password is too short
 |
 |
\|/
Whether the characters of the new password are a rotation of the old password's characters
For example, old password: 123
New password: 231
 |
 |
\|/
Whether this password has been used before
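The old-versus-new comparisons in the flow above can be sketched in Python as follows. This is an added illustration, not pam_cracklib's own code: the dictionary and password-history checks are left out, "similar" is approximated by counting characters of the new password that do not occur in the old one and comparing that count with difok, and all function names are made up for this example.

```python
# Simplified illustration of the checks listed in the flow above.
# Assumptions (not taken from pam_cracklib's source): the similarity
# measure, the function names, and reporting every failed check
# instead of stopping at the first one.

def is_palindrome_of_old(old, new):
    # Following the page's wording: new password is the old one reversed.
    return new == old[::-1]

def is_case_change_only(old, new):
    return new != old and new.lower() == old.lower()

def is_too_similar(old, new, difok):
    # Count characters in the new password that never appear in the old one.
    different = sum(1 for ch in new if ch not in old)
    return different < difok

def is_rotation(old, new):
    # "231" is a rotation of "123" because it appears inside "123123".
    return len(new) == len(old) and new != old and new in old + old

def failed_checks(old, new, minlen=8, difok=5):
    """Return the names of all failed checks, in the order used on the page."""
    checks = [
        ("palindrome", is_palindrome_of_old(old, new)),
        ("case change only", is_case_change_only(old, new)),
        ("too similar", is_too_similar(old, new, difok)),
        ("too short", len(new) < minlen),
        ("rotation", is_rotation(old, new)),
    ]
    return [name for name, failed in checks if failed]

if __name__ == "__main__":
    # Constructed sample passwords, using the minlen=8 difok=5 values
    # from the configuration sample.
    samples = [
        ("123", "231"),
        ("Secret123x", "sECRET123X"),
        ("abc12345", "54321cba"),
        ("Winter2019!", "c0pper-Kettle#7"),
    ]
    for old, new in samples:
        print(old, "->", new, ":", failed_checks(old, new) or "accepted")
```

Reporting every failed check makes the overlap visible: the page's 123 to 231 rotation would already be rejected as too similar and too short under minlen=8 difok=5.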
Configuration Sample:
In /etc/pam.d/system-auth, change
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
to
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 difok=5