我安装了 Ubuntu 18.04 并手动修改/etc/security/pwquality.conf了以下设置:
minlen = 14
minclass = 4
(没有#在行的开头)。
但是,当我添加新用户并在新密码提示中输入“123”时,它会显示以下消息:
密码错误:密码少于 14 个字符
重新输入新密码:
问题是,如果我再次输入“123”,它会显示:
密码已被使用。
passwd:密码更新成功
所以我可以将新密码设置为“123”,忽略该minlen设置。
为什么设置被忽略?
编辑:
我编辑了/etc/security/pwquality.conf:
# Configuration for systemwide password quality limits
# Defaults:
#
# Number of characters in the new password that must not be present in the
# old password.
# difok = 1
#
# Minimum acceptable size for the new password (plus one if
# credits are not disabled which is the default). (See pam_cracklib manual.)
# Cannot be set to lower value than 6.
minlen = 14
#
# The maximum credit for having digits in the new password. If less than 0
# it is the minimum number of digits in the new password.
# dcredit = 0
#
# The maximum credit for having uppercase characters in the new password.
# If less than 0 it is the minimum number of uppercase characters in the new
# password.
# ucredit = 0
#
# The maximum credit for having lowercase characters in the new password.
# If less than 0 it is the minimum number of lowercase characters in the new
# password.
# lcredit = 0
#
# The maximum credit for having other characters in the new password.
# If less than 0 it is the minimum number of other characters in the new
# password.
# ocredit = 0
#
# The minimum number of required classes of characters for the new
# password (digits, uppercase, lowercase, others).
minclass = 4
#
# The maximum number of allowed consecutive same characters in the new password.
# The check is disabled if the value is 0.
# maxrepeat = 0
#
# The maximum number of allowed consecutive characters of the same class in the
# new password.
# The check is disabled if the value is 0.
# maxclassrepeat = 0
#
# Whether to check for the words from the passwd entry GECOS string of the user.
# The check is enabled if the value is not 0.
# gecoscheck = 0
#
# Whether to check for the words from the cracklib dictionary.
# The check is enabled if the value is not 0.
# dictcheck = 1
#
# Whether to check if it contains the user name in some form.
# The check is enabled if the value is not 0.
# usercheck = 1
#
# Whether the check is enforced by the PAM module and possibly other
# applications.
# The new password is rejected if it fails the check and the value is not 0.
enforcing = 1
#
# Path to the cracklib dictionaries. Default is to use the cracklib default.
# dictpath =
enforce_for_root
(尝试添加enforcing_for_root行并取消注释enforcing=1行)。仍然遇到同样的问题
答案1
如果您在 root shell 中并在创建用户后设置密码,那么为了使设置/etc/security/pwquality.conf生效,您需要取消注释靠近底部的行。
enforce_for_root
注释掉后,这些设置将仅适用于普通用户。即使没有这一点,如果您尝试以该用户身份更改密码,也会失败,并显示密码少于 14 个字符以及未满足任何其他要求的消息。对于您的情况,只需取消注释上面的行即可。