我使用 pam_pwquality.so 模块来强制执行密码复杂性。但它仅适用于自身用户。我的意思是,如果我登录某个用户(非 root)并更改该用户的密码,则复杂性规则适用,但如果我从 root 更改密码,则不会进行复杂性检查。
我发现 RHEL6 的 pam_passwdqc 模块也能强制 root 的复杂性。您能建议我为 RHEL7 和 UBUNTU 14.04 做类似的调整吗? https://access.redhat.com/solutions/23481 https://linux.die.net/man/8/pam_passwdqc
注意:pam_passwdqc 适用于 RHEL5&6
答案1
可以使用以下方法强制实施 root 策略:
enforce_for_root
The module will return error on failed check even if the user changing the password is root. This option is off by default which means that just the message about the failed check is printed but root can change the
password anyway. Note that root is not asked for an old password so the checks that compare the old and new password are not performed.
它记录在手册页。