1.密码有效期
cp /etc/login.defs /etc/login.defs.bak vim /etc/login.defs # Password aging controls: # # PASS_MAX_DAYS Maximum number of days a password may be used. # PASS_MIN_DAYS Minimum number of days allowed between password changes. # PASS_MIN_LEN Minimum acceptable password length. # PASS_WARN_AGE Number of days warning given before a password expires. # PASS_MAX_DAYS 90 PASS_MIN_DAYS 80 PASS_MIN_LEN 10 PASS_WARN_AGE 7
2.密码复杂度
cp /etc/pam.d/system-auth-ac /etc/pam.d/system-auth-ac.bak vim /etc/pam.d/system-auth 。。。。。。 #password requisite pam_cracklib.so try_first_pass retry=3 type= ##注释这一行,添加下一行 password requisite /lib/security/$ISA/pam_passwdqc.so min=disabled,24,16,12,10 passphrase=3 max=40 enforce=everyone retry=3 similar=deny password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password required pam_deny.so
3.测试
echo "mhokwyaofnrd"|passwd --stdin root ##仅仅小写,不通过 echo "IEJVRRzfdHPI"|passwd --stdin root ##大写,小写,不通过 echo "cyd******Ab8C"|passwd --stdin root ##大小写,特殊字符,通过。 echo "Jes&us*****12"|passwd --stdin root ##通过
如果出现下面模块不支持的情况
请换种 模块支持( 上面使用了/lib/security/$ISA/pam_passwdqc.so 模块)
原文:http://www.cnblogs.com/dadonggg/p/7975710.html