目前我使用的是 SunSolaris 机器:
bash-3.00# uname -a
SunOS labxxxx 5.10 Generic_144488-17 sun4u sparc SUNW,Netra-240
bash-3.00#
当我尝试为 root 设置空(空白)密码时,它让我这样做:
SunOS labxxxx 5.10 Generic_144488-17 sun4u sparc SUNW,Netra-240
bash-3.00# passwd root
New Password:
Re-enter new Password:
passwd: password successfully changed for root
bash-3.00#
我在我的 Centos Linux 机器上重复了相同的测试,它不允许我为 root 用户设置空密码:
[root@localhost linuxLogs]# uname -a
Linux localhost.localdomain 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost linuxLogs]# passwd root
Changing password for user root.
New password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is a palindrome
Retype new password:
No password supplied
passwd: Authentication token manipulation error
我的问题是如何在 Solaris 计算机上完全(全局)禁用空密码?
我已经检查过以下链接,但没有帮助:
http://www.informit.com/articles/article.aspx?p=101163&seqNum=7
https://community.oracle.com/thread/1927039?start=0&tstart=0
http://www.unix.com/solaris/125161-solaris-10-allow-ssh-login-empty-passwd.html
http://docs.oracle.com/cd/E19253-01/816-4863/pam-20/index.html
有什么办法可以通过pam.conf
文件来控制它吗?
这是输出:
bash-3.00# file $(which passwd)
/usr/bin/passwd: ELF 32-bit MSB executable SPARC Version 1, dynamically linked, stripped
bash-3.00# truss -t open passwd root
open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT
open("/lib/libbsm.so.1", O_RDONLY) = 3
open("/lib/libpam.so.1", O_RDONLY) = 3
open("/lib/libnsl.so.1", O_RDONLY) = 3
open("/usr/lib/passwdutil.so.1", O_RDONLY) = 3
open("/lib/libc.so.1", O_RDONLY) = 3
open("/lib/libsocket.so.1", O_RDONLY) = 3
open("/lib/libmd.so.1", O_RDONLY) = 3
open("/lib/libsecdb.so.1", O_RDONLY) = 3
open("/lib/libcmd.so.1", O_RDONLY) = 3
open("/platform/SUNW,Netra-240/lib/libc_psr.so.1", O_RDONLY) = 3
open("/usr/lib/locale/en_US.ISO8859-1/en_US.ISO8859-1.so.3", O_RDONLY) = 3
open("/etc/pam_debug", O_RDONLY) Err#2 ENOENT
open("/etc/pam.conf", O_RDONLY) = 3
open("/usr/lib/security/pam_passwd_auth.so.1", O_RDONLY) = 3
open("/etc/nsswitch.conf", O_RDONLY|O_LARGEFILE) = 3
open("/etc/passwd", O_RDONLY|O_LARGEFILE) = 3
open("/usr/lib/security/pam_dhkeys.so.1", O_RDONLY) = 3
open("/usr/lib/security/pam_authtok_get.so.1", O_RDONLY) = 3
open("/usr/lib/security/pam_authtok_check.so.1", O_RDONLY) = 3
open("/usr/lib/security/pam_authtok_store.so.1", O_RDONLY) = 3
open("/dev/tty", O_RDWR) = 3
New Password: Received signal #20, SIGWINCH, in read() [default]
open("/dev/tty", O_RDWR) = 3
Re-enter new Password:
bash-3.00#
答案1
看看吧/etc/default/passwd
。有一个指令称为PASSLENGTH
.默认情况下,它具有以下值6
,更改密码会给出:
# passwd root
New Password:
passwd: Password too short - must be at least 6 characters.
另请检查内容/etc/pam.conf
并验证是否存在以下部分:
#
# passwd command (explicit because of a different authentication module)
#
passwd auth required pam_passwd_auth.so.1
和
# Password construction requirements apply to all users.
# Remove force_check to have the traditional authorized administrator
# bypass of construction requirements.
other password requisite pam_authtok_check.so.1 force_check
有关更多信息,请参阅man -s 5 pam_authtok_check
当使用truss
查看passwd
二进制文件使用了哪些文件时,将返回以下输出:
# truss -t open passwd root
open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT
open("/lib/libbsm.so.1", O_RDONLY) = 3
open("/lib/libpam.so.1", O_RDONLY) = 3
open("/lib/libnsl.so.1", O_RDONLY) = 3
open("/usr/lib/passwdutil.so.1", O_RDONLY) = 3
open("/lib/libc.so.1", O_RDONLY) = 3
open("/lib/libsocket.so.1", O_RDONLY) = 3
open("/lib/libmd.so.1", O_RDONLY) = 3
open("/lib/libsecdb.so.1", O_RDONLY) = 3
open("/lib/libcmd.so.1", O_RDONLY) = 3
open("/platform/SUNW,SPARC-Enterprise-T5220/lib/libc_psr.so.1", O_RDONLY) = 3
open("/etc/pam_debug", O_RDONLY) Err#2 ENOENT
open("/etc/pam.conf", O_RDONLY) = 3
open("/usr/lib/security/pam_passwd_auth.so.1", O_RDONLY) = 3
open("/etc/nsswitch.conf", O_RDONLY|O_LARGEFILE) = 3
open("/etc/passwd", O_RDONLY|O_LARGEFILE) = 3
open("/usr/lib/security/pam_dhkeys.so.1", O_RDONLY) = 3
open("/usr/lib/security/pam_authtok_get.so.1", O_RDONLY) = 3
open("/usr/lib/security/pam_authtok_check.so.1", O_RDONLY) = 3
open("/usr/lib/security/pam_authtok_store.so.1", O_RDONLY) = 3
open("/dev/tty", O_RDWR) = 3
New Password:
open("/etc/default/passwd", O_RDONLY) = 3
open("/etc/shadow", O_RDONLY|O_LARGEFILE) = 3
open("/etc/security/policy.conf", O_RDONLY) = 3
passwd: Password too short - must be at least 6 characters.
Please try again
open("/dev/tty", O_RDWR) = 3
New Password: Received signal #2, SIGINT, in read() [caught]