Linux Account Password Expiration Security Policy Settings
阿新 • Published: 2019-01-26
Some of the common parameters are:
retry=N
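Changes the number of times the password may be entered; the default is 1. In other words, if the password the user enters is not strong enough, the program exits. Use this option to set the number of attempts so that the user does not have to start over from the beginning.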
Prompt user at most N times before returning with error. The
default is 1
minlen=N
The minimum acceptable length of the new password.
The minimum acceptable size for the new password (plus one if
credits are not disabled which is the default). In addition to the
number of characters in the new password, credit (of +1 in length)
is given for each different kind of character (other, upper, lower
and digit). The default for this parameter is 9 which is good for a
old style UNIX password all of the same type of character but may
be too low to exploit the added security of a md5 system. Note that
there is a pair of length limits in Cracklib itself, a "way too
short" limit of 4 which is hard coded in and a defined limit (6)
that will be checked without reference to minlen. If you want to
allow passwords as short as 5 characters you should not use this
module.
difok=N
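The default is 10. This parameter sets the number of characters allowed to be the same in the new and old passwords. However, if 1/2 of the characters in the new password differ from the old password, the new password is accepted.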
This argument will change the default of 5 for the number of
characters in the new password that must not be present in the old
password. In addition, if 1/2 of the characters in the new password
are different then the new password will be accepted anyway.
dcredit=N
Sets the minimum number of digits the new password must contain.
(N >= 0) This is the maximum credit for having digits in the new
password. If you have less than or N digits, each digit will count
+1 towards meeting the current minlen value. The default for
dcredit is 1 which is the recommended value for minlen less than
10.
(N < 0) This is the minimum number of digits that must be met for a
new password.
ucredit=N
Sets the minimum number of uppercase characters the new password must contain.
lcredit=N
Sets the minimum number of lowercase characters the new password must contain.
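
The credit arithmetic behind minlen, dcredit, ucredit and lcredit, as an added example: a simplified Python model, not pam_cracklib's own code and not from the original post. It assumes ASCII passwords, includes an ocredit option for the "other" class that the minlen text mentions, and does not model Cracklib's own hard-coded limits or dictionary checks.

```python
import string

# Character classes and the option that credits each one.
CLASSES = {
    "dcredit": string.digits,
    "ucredit": string.ascii_uppercase,
    "lcredit": string.ascii_lowercase,
}

def count_classes(password):
    """Count digits, uppers and lowers; everything else is 'other' (ocredit)."""
    counts = {opt: sum(c in chars for c in password) for opt, chars in CLASSES.items()}
    counts["ocredit"] = len(password) - sum(counts.values())
    return counts

def check_length(password, minlen=9, dcredit=1, ucredit=1, lcredit=1, ocredit=1):
    """Return (accepted, reason) for the minlen/credit rules quoted above."""
    credits = {"dcredit": dcredit, "ucredit": ucredit,
               "lcredit": lcredit, "ocredit": ocredit}
    counts = count_classes(password)
    required = minlen
    for opt, credit in credits.items():
        have = counts[opt]
        if credit >= 0:
            # N >= 0: each character of this class, up to N, counts +1 toward minlen.
            required -= min(have, credit)
        elif have < -credit:
            # N < 0: at least |N| characters of this class are mandatory.
            return False, f"{opt}: need at least {-credit}, found {have}"
    if len(password) < required:
        return False, f"length {len(password)} < required {required}"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    strict = dict(minlen=12, dcredit=-1, ucredit=-1, lcredit=-1, ocredit=0)
    for pw, opts in [("abcdefgh", {}), ("Abc1!x", {}), ("Abc1!x", strict),
                     ("Abcdefghijkl", strict), ("Abcdefghijk1", strict)]:
        print(f"{pw!r:16} {opts or 'defaults'} -> {check_length(pw, **opts)}")
```

With the default credits of 1, minlen=9 accepts a six-character password that mixes all four classes; setting the credits to negative values makes minlen a true length floor and each class mandatory.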