禁止在 Ubuntu 密码中使用字符

禁止在 Ubuntu 密码中使用字符

我如何禁止用户在 Ubuntu 22.04 上设置带有德语变音符号的密码äöüÄÜÖß?即使是非 Ubuntupam 正则表达式模块只能对用户名进行正则表达式,而不能对密码进行正则表达式。

答案1

按照@HBruijn的建议,你可以使用pam-script 模块

例子/etc/pam.d/common-password

  # here are the per-package modules (the "Primary" block)
  password   requisite pam_pwquality.so minclass=2 minlen=3 usercheck=0 dictcheck=0 gecoscheck=0 maxclassrepeat=0 maxsequence=0 maxrepeat=0 enforce_for_root
  # forbid german umlauts
  password   requisite                      pam_script.so
  password   [success=1 default=ignore]   pam_unix.so obscure use_authtok try_first_pass yescrypt
  # here's the fallback if no module succeeds
  password   requisite pam_deny.so
  # prime the stack with a positive return value if there isn't one already;
  # this avoids us returning an error just because nothing sets a success code
  # since the modules above will each just jump around
  password   required pam_permit.so
  # and here are more per-package modules (the "Additional" block)
  # end of pam-auth-update config

脚本/usr/share/libpam-script/pam_script_passwd看起来像

  #!/usr/bin/bash
  
  if [[ "$PAM_AUTHTOK" != *@(ä|Ä|Ä|ä|Ö|ö|Ü|ü|ß)* ]]; then
    exit 0
  else
    >&2 echo "Error. Invalid Password. Password must not include German Umlaut (e.g. ä, Ö, ß)"
    exit 1
  fi

确保脚本可执行且可由 u、g、o 读取,但其他人无法写入。例如 u=rwx,g=rwx,o=rx

相关内容