Modify Linux system User password length and complexity __linux

Source: Internet
Author: User

Modify Linux system User password length and complexity

Before modifying the length of the Linux password is to modify the/etc/login.defs file Pass_min_len parameters, but the Earth people know that this parameter is not mandatory, users can use the same short password.


The real need to limit the complexity of the password, but also cracklib to complete.

Red Hat system is generally installed, you can rpm-qa|grep crack to view, is generally two packages


The main parameters of Cracklib are:
1.debug
For syslog logging
2.type=abcd
When you modify a password, the typical hint message is:

New Linux Password:

Retype Linux Password:

You can replace the word Linux with ABCD.
3.retry=3
User has several chances to make mistakes
4.difok=5
At least a few characters in the new password are different from the previous password.
5.difignore=3
Ignores several letters before the different characters in the new password.

6.minlen=8

Minimum password length

7.dcreditr=5
Up to a few digits in the password
8.ucredit=5
Up to a few large letters in the password.
9.lcredit=5
Up to a few consumer letters in the new password

10.ocredit=5

Up to a few special characters in the new password
11.use_authtok

Use the password in the password dictionary


Cracklib Password Strength detection process

First check to see if the password is part of the dictionary, and if not, do the following

|

|

/|/
Password Strength detection process

|

|

/|/
Whether the new password is a palindrome of the old password

|
|

/|/
Whether the new password changed the case only on the password

|
|

/|/
Whether the new password is similar to the old password

|

|

/|/
Whether the new password is too short

|
|

/|/
Whether the character of the new password is a loop of the old password character
For example, old password: 123
New Password: 231

|

|

/|/
Has this password ever been used before?

Configuration Sample:

Normal 0 7.8 lb 0 2 false false en-US zh-cn x-none/* Style definitions/table. msonormaltable {mso-style-name: plain form; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; Mso-style-parent: ""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; Mso-pagination:widow-orphan; font-size:10.5pt; mso-bidi-font-size:11.0pt; font-family: "Calibri", "Sans-serif"; Mso-ascii-font-family:calibri; Mso-ascii-theme-font:minor-latin; Mso-hansi-font-family:calibri; Mso-hansi-theme-font:minor-latin; Mso-bidi-font-family: "Times New Roman"; Mso-bidi-theme-font:minor-bidi; mso-font-kerning:1.0pt;}

/etc/pam.d/system-auth

Modify

Password requisite/lib/security/$ISA/pam_cracklib.so retry=3

For

password requisite/lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 difok=5

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.