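I am trying to set up password policy complexity on Red Hat 7.5.
I want every user who tries to change their password to have to use a password that contains at least the following (1 lowercase letter, 1 uppercase letter, 1 digit, 1 special character) and is at least 15 characters long.
Answer 1
As mentioned in the comments: have you read the man page for the password quality configuration file? It sounds like you only need to add these two lines: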
minlen = 15
minclass = 4
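Answer 2
(I don't have a RHEL 7 system at hand, only CentOS 7; apart from minor differences, they are generally the same.)
By default, the pwquality PAM module is enabled; you only need to adjust the default policy in the configuration file /etc/security/pwquality.conf to suit your needs.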
# /etc/security/pwquality.conf
# Minimum acceptable size for the new password (plus one if
# credits are not disabled which is the default). (See pam_cracklib manual.)
# Cannot be set to lower value than 6.
minlen = 15
# The minimum number of required classes of characters for the new
# password (digits, uppercase, lowercase, others).
minclass = 4
Alternatively, you can adjust the password policy with the authconfig command:
authconfig --help
...
--passminlen=<number> minimum length of a password
--passminclass=<number> minimum number of character classes in a password
--passmaxrepeat=<number> maximum number of same consecutive characters in a password
--passmaxclassrepeat=<number> maximum number of consecutive characters of same class in a password
--enablereqlower require at least one lowercase character in a password
--disablereqlower do not require lowercase characters in a password
--enablerequpper require at least one uppercase character in a password
--disablerequpper do not require uppercase characters in a password
--enablereqdigit require at least one digit in a password
--disablereqdigit do not require digits in a password
--enablereqother require at least one other character in a password
--disablereqother do not require other characters in a password
--enablefaillock enable account locking in case of too many consecutive authentication failures
--disablefaillock disable account locking on too many consecutive authentication failures
...
For example:
authconfig --passminlen=15 --passminclass=4 --update
Answer 3
After enabling pam_pwquality.so in password-auth and system-auth, set these parameters in /etc/security/pwquality.so.
minlen=15
dcredit=-1
ucredit=-1
ocredit=-1
lcredit=-1
Answer 4
RHEL7:
- Add these values to the /etc/security/pwquality.conf file:
minlen = 15
ucredit = -1
lcredit = -1
ocredit = -1
dcredit = -1
minclass = #
where # is the minimum number of character classes, out of all those defined above, that a password must contain.
Or use the authconfig command:
authconfig --enablereqlower --enablerequpper --enablereqdigit --enablereqother --passminlen=15 --update
RHEL5:
- password required pam_cracklib.so try_first_pass retry=5 minlen=15 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
RHEL6:
- password required pam_cracklib.so try_first_pass retry=5 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 minlen=15
===================
- /etc/login.defs
PASS_MIN_LEN 15
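
As an added example (not code from any of the answers), the following shell functions check whether a pwquality.conf-style file enforces the policy from the question, accepting either the minclass = 4 form from Answers 1 and 2 or the negative-credit form from Answers 3 and 4. The function names, the sample files, and the treatment of unset keys as 0 are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a pwquality.conf-style file against the question's
# policy (minlen >= 15 and all four character classes required).

# conf_get FILE KEY: print the last uncommented "KEY = value" in FILE, or 0.
# Assumptions: the last occurrence of a key wins; an unset key is reported
# as 0, meaning "enforces nothing" for the purposes of this check.
conf_get() {
    awk -v key="$2" '
        { sub(/#.*/, ""); n = index($0, "="); if (n == 0) next
          k = substr($0, 1, n - 1); v = substr($0, n + 1)
          gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key && v != "") val = v }
        END { print (val == "" ? 0 : val) }' "$1"
}

# policy_ok FILE: 0 if FILE enforces the policy, 1 if not, 2 if unreadable.
# All four classes are required either by minclass = 4 or by setting
# every one of the four credits to a negative value.
policy_ok() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    len=$(conf_get "$1" minlen)
    [ "$len" -ge 15 ] 2>/dev/null || { echo "minlen=$len is below 15"; return 1; }
    if [ "$(conf_get "$1" minclass)" -ge 4 ] 2>/dev/null; then return 0; fi
    for c in dcredit ucredit lcredit ocredit; do
        v=$(conf_get "$1" "$c")
        [ "$v" -lt 0 ] 2>/dev/null || { echo "$c=$v does not require that class"; return 1; }
    done
}

# Constructed sample files (not taken from any real system).
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf '# comment\nminlen = 15\nminclass = 4\n' > "$d/minclass.conf"
printf 'minlen=15\ndcredit=-1\nucredit=-1\nocredit=-1\nlcredit=-1\n' > "$d/credits.conf"
printf 'minlen = 15\n# minclass = 4\ndcredit = -1\n' > "$d/weak.conf"
for f in minclass credits weak; do
    if policy_ok "$d/$f.conf"; then echo "$f: OK"; else echo "$f: FAIL"; fi
done
```

On a real host, call policy_ok /etc/security/pwquality.conf. Options given directly on the pam_pwquality.so line in system-auth or password-auth are not read by this check.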