我如何禁止用户在 Ubuntu 22.04 上设置带有德语变音符号的密码äöüÄÜÖß?即使是非 Ubuntupam 正则表达式模块只能对用户名进行正则表达式,而不能对密码进行正则表达式。
答案1
按照@HBruijn的建议,你可以使用pam-script 模块。
例子/etc/pam.d/common-password
# here are the per-package modules (the "Primary" block)
password requisite pam_pwquality.so minclass=2 minlen=3 usercheck=0 dictcheck=0 gecoscheck=0 maxclassrepeat=0 maxsequence=0 maxrepeat=0 enforce_for_root
# forbid german umlauts
password requisite pam_script.so
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass yescrypt
# here's the fallback if no module succeeds
password requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
脚本/usr/share/libpam-script/pam_script_passwd看起来像
#!/usr/bin/bash
if [[ "$PAM_AUTHTOK" != *@(ä|Ä|Ä|ä|Ö|ö|Ü|ü|ß)* ]]; then
exit 0
else
>&2 echo "Error. Invalid Password. Password must not include German Umlaut (e.g. ä, Ö, ß)"
exit 1
fi
确保脚本可执行且可由 u、g、o 读取,但其他人无法写入。例如 u=rwx,g=rwx,o=rx