Linux,我想设置包含用户名的用户密码,如何设置密码策略?
Linux,I want to set user passwd which contains the username,How to set passwd policy?
我对linux密码政策略知一二,我已经建立了一个新用户
useradd testuser
我想将测试用户的密码设置为 abtestuserab
我输入
passwd testuser
输入abtestuserab
失败,终端报
BAD PASSWORD: The password contains the user name in some form
那么,如何使密码有效。
/etc/pam.d/system-auth 是这样的
auth required pam_tally2.so onerr=fail deny=10 unlock_time=600 root_unlock_time=600 audit
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account required pam_permit.so
password requisite pam_pwquality.so minlen=9 try_first_pass local_users_only retry=3 authtok_type= enforce_for_root ocredit=0 lcredit=-1 ucredit=-1 dcredit=-1 [badw
ords=first2012++]
password required pam_pwhistory.so remember=10 use_authtok enforce_for_root
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
以下对我有用:
/tmp ❯❯❯ sudo su
[sudo] password for wani:
/tmp # ❯❯❯ useradd testuser
/tmp # ❯❯❯ echo -e "abtestuserab\nabtestuserab" | passwd testuser
Changing password for user testuser.
New password: BAD PASSWORD: The password contains the user name in some form
Retype new password: passwd: all authentication tokens updated successfully.
/tmp # ❯❯❯
如果我是 root 用户,那么 BAD PASSWORD 文本只是一个警告。
我对linux密码政策略知一二,我已经建立了一个新用户
useradd testuser
我想将测试用户的密码设置为 abtestuserab
我输入
passwd testuser
输入abtestuserab
失败,终端报
BAD PASSWORD: The password contains the user name in some form
那么,如何使密码有效。 /etc/pam.d/system-auth 是这样的
auth required pam_tally2.so onerr=fail deny=10 unlock_time=600 root_unlock_time=600 audit
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account required pam_permit.so
password requisite pam_pwquality.so minlen=9 try_first_pass local_users_only retry=3 authtok_type= enforce_for_root ocredit=0 lcredit=-1 ucredit=-1 dcredit=-1 [badw
ords=first2012++]
password required pam_pwhistory.so remember=10 use_authtok enforce_for_root
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
以下对我有用:
/tmp ❯❯❯ sudo su
[sudo] password for wani:
/tmp # ❯❯❯ useradd testuser
/tmp # ❯❯❯ echo -e "abtestuserab\nabtestuserab" | passwd testuser
Changing password for user testuser.
New password: BAD PASSWORD: The password contains the user name in some form
Retype new password: passwd: all authentication tokens updated successfully.
/tmp # ❯❯❯
如果我是 root 用户,那么 BAD PASSWORD 文本只是一个警告。