linux下使用pam密码策略 怎么实现不让使用前3次旧密码??? 关于LINUX下密码策略,PAM的问题。
\u5982\u4f55\u8bbe\u7f6ePAM\u6a21\u5757\u63a7\u5236Linux\u5bc6\u7801\u7b56\u7565\u3000\u3000\u9996\u5148\u68c0\u67e5\u5bc6\u7801\u662f\u5426\u662f\u5b57\u5178\u7684\u4e00\u90e8\u5206\uff0c\u5982\u679c\u4e0d\u662f\uff0c\u5219\u8fdb\u884c\u4e0b\u9762\u7684\u68c0\u67e5
\u3000\u3000\u5bc6\u7801\u5f3a\u5ea6\u68c0\u6d4b\u8fc7\u7a0b
\u3000\u3000These checks are:
\u3000\u3000Palindrome
\u3000\u3000Is the new password a palindrome of the old one?
\u3000\u3000\u65b0\u5bc6\u7801\u662f\u5426\u65e7\u5bc6\u7801\u7684\u56de\u6587
\u3000\u3000Case Change Only
\u3000\u3000Is the new password the the old one with only a change of case?
\u3000\u3000\u65b0\u5bc6\u7801\u662f\u5426\u53ea\u662f\u5c31\u5bc6\u7801\u6539\u53d8\u4e86\u5927\u5c0f\u5199
\u3000\u3000Similar
\u3000\u3000Is the new password too much like the old one?
\u3000\u3000\u65b0\u5bc6\u7801\u662f\u5426\u548c\u65e7\u5bc6\u7801\u5f88\u76f8\u4f3c\uff01
\u8fd9\u4e2a\u5199\u7684\u4e0d\u662f\u53ef\u4ee5\u5417
\u4f60\u7684\u5148\u4e86\u89e3\u4e0bauth account session
require requisite sufficient optional include
\u518d\u4e86\u89e3pam_crackli.so\u7a0b\u5e8f\u6a21\u5757\u7684\u53c2\u6570\u8bbe\u7f6e
\u6587\u672c\u767b\u5f55 \u80af\u5b9a\u662f\u8981\u6539/etc/pam.d/login\u7684
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok rememeber=3 ,看到木有,就是需要加remember=3,3次嘛
不知道你是那个发行版。
首先你的电脑要安装pam_unix2.so模块(一般默认都安装了)
Redhat/Fedora/CentOS 系列的linux 编辑 /etc/pam.d/system-auth
Debian/Ubentu/Suse 系列的linux 编辑 /etc/pam.d/common-auth把含有 pam_unix.so的这行编辑成:
password sufficient pam_unix.so use_authtok md5 shadow remember=3(默认的是13)
还有就是要创建一个旧密码记录文件/etc/security/opasswd,以及设置密码生命周期
绛旓細1銆佸噯澶囥傚畨瑁呬竴涓PAM妯″潡鏉ュ惎鐢╟racklib鏀寔锛岃繖鍙互鎻愪緵棰濆鐨勫瘑鐮佹鏌ュ姛鑳姐傚湪Debin,Ubuntu鎴栬Linux Mint浣跨敤鍛戒护锛歴udo apt-get install libpam-cracklib 杩欎釜妯″潡鍦–entOS,Fedora鎴栬匯HEL榛樿瀹夎浜嗐傛墍浠ュ湪杩欎簺绯荤粺涓婂氨娌℃湁蹇呰瀹夎浜嗐傚瑕佸己鍒舵墽琛瀵嗙爜绛栫暐锛屾垜浠渶瑕佷慨鏀/etc/pam.d杩欎釜涓庤韩浠介獙璇...
绛旓細鐢变簬鍏徃浣跨敤鐨勬槸RedHat鐨linux鏁呮鎴戝皢浣跨敤pam.d杩欎釜閰嶇疆鐩綍銆瀵嗙爜澶嶆潅搴﹂氳繃/etc/pam.d/system-auth杩欎釜鏂囦欢鏉ュ疄鐜扮殑鏁呮鎴戜滑鍏堢湅涓涓嬮粯璁ゆ湁浠涔堝唴瀹圭劧鍚庡皢杩欎釜鏂囦欢澶囦唤涓涓細 鍦ㄨ繖涓枃浠朵腑鎴戜滑浼鐢ㄥ埌pam_cracklib.so杩欎釜妯″潡銆俻am_cracklib.so鏄竴涓父鐢ㄥ苟涓旈潪甯搁噸瑕佺殑PAM妯″潡銆傝妯″潡...
绛旓細浣犵殑鎰忔濆氨鏄瘡娆¤缃瘑鐮佺殑鏃跺欎笉鑳藉拰涓婁竴娆″瘑鐮侀噸澶嶆槸鍚э紝瀵嗙爜绛栫暐鍦/etc/pam.d/system-auth閲屼慨鏀筽assword涓鍏呭垎鏉′欢sufficient鐨勯偅涓琛岋紝闇瑕佸姞杞絧am_unix.so闈欐佸簱鏂囦欢锛屽悗闈㈠湪鍔犱竴浜涘弬鏁帮紝濡傛灉浣犳病鏈夐偅涓琛岀殑璇濓紝灏遍渶瑕佽嚜宸卞姞浜嗭紝鏄厖鍒嗘潯浠跺晩锛屾垜鐨勭幆澧冩槸rhel6鐨勶紝瀹屾暣涓琛岀殑鍐呭鏄 password s...
绛旓細涓銆佸噯澶囧伐浣滃畨瑁 PAM 鐨 cracklib 妯″潡锛宑racklib 鑳芥彁渚涢澶栫殑瀵嗙爜妫鏌ヨ兘鍔涖侱ebian銆乁buntu 鎴 Linux Mint 绯荤粺涓婏細1 $ sudo apt-get install libpam-cracklibCentOS銆丗edora銆丷HEL 绯荤粺宸茬粡榛樿瀹夎浜 cracklib PAM 妯″潡锛屾墍浠ュ湪杩欎簺绯荤粺涓婃棤闇鎵ц涓婇潰鐨勬搷浣溿備负浜嗗己鍒跺疄鏂瀵嗙爜绛栫暐锛屾垜浠渶瑕佷慨鏀 /...
绛旓細1.鍑嗗 瀹夎涓涓PAM妯″潡鏉ュ惎鐢╟racklib鏀寔锛岃繖鍙互鎻愪緵棰濆鐨勫瘑鐮佹鏌ュ姛鑳姐 鍦―ebin,Ubuntu鎴栬Linux Mint浣跨敤鍛戒护锛歴udo apt-get install libpam-cracklib 杩欎釜妯″潡鍦–entOS,Fedora鎴栬匯HEL榛樿瀹夎浜嗐傛墍浠ュ湪杩欎簺绯荤粺涓婂氨娌℃湁蹇呰瀹夎浜嗐傚瑕佸己鍒舵墽琛瀵嗙爜绛栫暐锛屾垜浠渶瑕佷慨鏀/etc/pam.d杩欎釜涓庤韩浠介獙璇...
绛旓細1銆Linux瀵瑰簲鐨瀵嗙爜绛栫暐妯″潡鏈夛細pam_passwdqc 鍜 pam_pwquality 銆傚叾涓璸am_passwdqc妯″潡瀵瑰簲鐨勬槸/etc/login.defs锛宲am_pwquality瀵瑰簲鐨勬槸/etc/security/pwquality.conf , 鎴戣寰楅粯璁ゅ氨鍖呭惈鐢ㄦ埛鍚嶄笌瀵嗙爜涓嶈兘涓鑷淬linux璁剧疆瀵嗙爜澶嶆潅绋嬪害 2銆佹ā鍧楃殑娣诲姞鏂规硶锛/etc/pam.d/passwd password required ...
绛旓細鍦linux锛岃缃瀵嗙爜澶嶆潅搴︾殑鏂规硶鏈夊嚑涓 1. 涓涓槸鍦/etc/login.defs鏂囦欢锛岄噷闈㈠嚑涓夐」 PASS_MAX_DAYS 90 #瀵嗙爜鏈闀胯繃鏈熷ぉ鏁 PASS_MIN_DAYS 80 #瀵嗙爜鏈灏忚繃鏈熷ぉ鏁 PASS_MIN_LEN 10 #瀵嗙爜鏈灏忛暱搴 PASS_WARN_AGE 7 #瀵嗙爜杩囨湡璀﹀憡澶╂暟 2. 鍙﹀涓涓柟娉曟槸锛屼慨鏀/etc/pam.d...
绛旓細1銆Linux绯荤粺鐨勭敤鎴峰笎鍙风瓥鐣ョ紪杈/etc/pam.d/system-auth 娣诲姞濡備笅璇彞銆 auth required /lib/security/$ISA/pam_tally.so deny=5 account required pam_tally.so璇ヨ鍙ョ殑瑙i噴锛氬瘑鐮佹渶澶ц仈绯荤櫥褰6娆★紝瓒呰繃鍙兘鑱旂郴绠$悊鍛樸2銆瀵嗙爜绛栫暐 2.1缂栬緫/etc/login.defs 鎸囧畾濡備笅鍙傛暟鐨勫笺 PASS...
绛旓細1銆佽繛鎺ヤ笂鐩稿簲鐨linux涓绘満锛岃繘鍏ュ埌绛夊緟杈撳叆shell鎸囦护鐨刲inux鍛戒护琛岀姸鎬佷笅銆2銆佸叾娆★紝鍦╨inux鍛戒护琛屼腑杈撳叆锛歱asswdtempuser銆3銆佹渶鍚庯紝鎸変笅鍥炶溅閿墽琛宻hell鎸囦护锛屾鏃朵細鐪嬪埌瑕佹眰璁剧疆鐢ㄦ埛tempuser鐨勬柊瀵嗙爜銆傚浣曞湪Linux涓虹郴缁熺敤鎴疯缃瘑鐮佸鏉傚害绛栫暐锛熸壘鍒板悓鏃舵湁鈥password鈥濆拰鈥pam_cracklib.so鈥濆瓧娈靛苟涓旈檮鍔犳湁...
绛旓細1銆佷慨鏀箂sh閰嶇疆鏂囦欢锛岀姝oot鐧诲綍锛岄鍑烘墍鏈夊笎鍙凤紝浣跨敤root鐧诲綍绯荤粺 鎵惧埌 #PermitRootLoogin yes 鏀逛负PermitRootLoogin no 鎸塃sc鐒跺悗:wq淇濆瓨閫鍑 閫鍑 鐢╮oot 杩炴帴锛氭樉绀烘嫆缁濊闂 浣跨敤鏅氱敤鎴 2 銆佷慨鏀归厤缃枃浠讹紝灏瀵嗙爜鏈鐭涓8涓猴紝鍒涘缓鏂拌处鎴凤紝鎻愮ず閿欒淇℃伅 鎵惧埌 PASS_MIN_LEN 5 鏀逛负 ...
