密碼設(shè)置復(fù)雜度和期限-創(chuàng)新互聯(lián)

以下是通過man pam_cracklib查看獲得的解釋
一　PAM_CRACKLIB模塊可以做的密碼策略：
1.回文限制
2.字符數(shù)量限制
3.字符類型限制
4.重復(fù)字符限制
5.新密碼和老密碼重復(fù)字符數(shù)量限制
6.新密碼和老密碼的相似度記憶
7.記憶最近幾次的密碼不能和老密碼重復(fù)

authtok_type=XXX
          The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ".
        The example word UNIX can be replaced with this option, by default it is empty.
        當(dāng)輸入新密碼時(shí)的默認(rèn)提示

difok=N
          This argument will change the default of 5 for the number of character changes in the new password that differentiate it from the old password.
        這個(gè)參數(shù)將改變新密碼不同于老密碼5個(gè)字符的默認(rèn)設(shè)置
maxrepeat=N
          Reject passwords which contain more than N same consecutive characters. The default is 0 which means that this check is disabled.
        拒絕包含超過N個(gè)連續(xù)相同的字符．默認(rèn)是0，意思是不用檢查

maxsequence=N
          Reject passwords which contain monotonic character sequences longer than N. The default is 0 which means that this check is disabled. Examples of such sequence are 12345
        or fedcb. Note that most such passwords will not pass the
          simplicity check unless the sequence is only a minor part of the password.
        拒絕密碼包含大于N的單純字符序列．默認(rèn)不檢查，注意大多數(shù)密碼不會通過簡單性檢查除非這個(gè)序列是密碼的次要部分
dictpath=/path/to/dict
          Path to the cracklib dictionaries.

二　報(bào)錯(cuò)實(shí)例
如果是和以前用過的相同就會報(bào)錯(cuò)：
Password has been already used. Choose another.
如果新密碼和老密碼一樣就會提示：
Password unchanged
如果新密碼和老密碼相似度太高會提示：
is too similar to the old one
如果設(shè)置的復(fù)雜度不夠會提示：
BAD PASSWORD: it is too short
如果是比如密碼設(shè)置有連續(xù)的多個(gè)字符就會提示：
BAD PASSWORD: it is too simplistic/systematic
如果設(shè)密碼超過重復(fù)字符限制：

10多年的鹿泉網(wǎng)站建設(shè)經(jīng)驗(yàn)，針對設(shè)計(jì)、前端、開發(fā)、售后、文案、推廣等六對一服務(wù)，響應(yīng)快，48小時(shí)及時(shí)工作處理。營銷型網(wǎng)站的優(yōu)勢是能夠根據(jù)用戶設(shè)備顯示端的尺寸不同，自動調(diào)整鹿泉建站的顯示方式，使網(wǎng)站能夠適用不同顯示終端，在瀏覽器中調(diào)整網(wǎng)站的寬度，無論在任何一種瀏覽器上瀏覽網(wǎng)站，都能展現(xiàn)優(yōu)雅布局與設(shè)計(jì)，從而大程度地提升瀏覽體驗(yàn)。成都創(chuàng)新互聯(lián)公司從事“鹿泉網(wǎng)站設(shè)計(jì)”,“鹿泉網(wǎng)站推廣”以來，每個(gè)客戶項(xiàng)目都認(rèn)真落實(shí)執(zhí)行。

BAD PASSWORD: contains too many same characters consecutively

三　配置實(shí)例

password   requisite    /lib64/security/pam_cracklib.so try_first_pass retry=3 difok=3
authtok_type=you_must_enter_at_least_3_charactors type= minlen=8 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 dictpath=/usr/share/cracklib/pw_dict
password   sufficient   /lib64/security/pam_unix.so try_first_pass use_authtok nullok sha512 shadow remember=3

控制標(biāo)識符解釋：
optionalThe module is required for authentication if it is the only module listed
for a service.
required The module must succeed for access to be granted. PAM continues
to execute the remaining modules in the stack whether the module
succeeds or fails. PAM does not immediately inform the user of the
failure.
requisite The module must succeed for access to be granted. If the module
succeeds, PAM continues to execute the remaining modules in the
stack. However, if the module fails, PAM notifies the user immediately
and does not continue to execute the remaining modules in the stack.
sufficient If the module succeeds, PAM does not process any remaining modules
of the same operation type. If the module fails, PAM processes the
remaining modules of the same operation type to determine overall
success or failure.

四　密碼過期

/etc/login.defs 文件，可以設(shè)置當(dāng)前密碼的有效期限，如果想單獨(dú)為每個(gè)用戶設(shè)置不同期限使用chage命令．

五　一般的密碼策略

Password must meetthe following complexity requirements:
- Enforce password history: 5 passwords remembered
- Maximum password age: 90 days
- Not contain the user's account nameor parts of the user's full name thatexceed two consecutive characters
- Be at least 7 characters in length

- Contain characters from three of the following four categories:
1. English uppercase characters (A through Z)
2. English lowercase characters (a through z)
3. Base 10 digits (0 through 9)
4. Non-alphabetic characters (for example, !, $, #, %)
Complexity requirements are enforced when passwords are changed or created

另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)scvps.cn，海內(nèi)外云服務(wù)器15元起步，三天無理由+7*72小時(shí)售后在線，公司持有idc許可證，提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國服務(wù)器、虛擬主機(jī)、免備案服務(wù)器”等云主機(jī)租用服務(wù)以及企業(yè)上云的綜合解決方案，具有“安全穩(wěn)定、簡單易用、服務(wù)可用性高、性價(jià)比高”等特點(diǎn)與優(yōu)勢，專為企業(yè)上云打造定制，能夠滿足用戶豐富、多元化的應(yīng)用場景需求。

網(wǎng)頁題目：密碼設(shè)置復(fù)雜度和期限-創(chuàng)新互聯(lián)
分享URL：http://muchs.cn/article40/dspceo.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供商城網(wǎng)站、網(wǎng)站維護(hù)、App開發(fā)、微信小程序、Google、網(wǎng)站收錄

廣告

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請盡快告知，我們將會在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場，如需處理請聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時(shí)需注明來源： 創(chuàng)新互聯(lián)