欢迎来到天天文库
浏览记录
ID:35478166
大小:55.91 KB
页数:4页
时间:2019-03-25
《linux系统对密码复杂度的控制机制》由会员上传分享,免费在线阅读,更多相关内容在工程资料-天天文库。
1、linux系统对密码复杂度的控制机制我们在使用linux系统设置密码的时候,经常遇到这样的问题,系统提示:您的密码太简单,或者您的密码是字典的一部分。那么系统是如何实现对用户的密码的复杂度的检查的呢?系统对密码的控制是有两部分(我知道的)组成:1cracklib2login.defs声明:login,defs主要是控制密码的有效期。对密码进行时间管理。此处不细谈login,defs一一shadowpasswordsuiteconfigurationpam_cracklib.so才是控制密码复杂度的关键文件rcdhat公司专门开发了cracklib这个安装包来判断密码的复杂度可以rp
2、m-qlcracklib查看密码的复杂度的判断是通过pam模块控制来实现的,具体的模块是pam_cracklibpam_cracklib的参数介绍:debugThisoptionmakesthemodulewriteinformationtosyslog(3)indicatingthebehaviorofthemodule(thisoptiondoesnotwritepasswordinformationtothelogfile).type=XXXThedefaultactionisforthemoduletousethefollowingpromptswhenrequesting
3、passwords:〃NewUNIXpassword:"and〃RetypeUNIXpassword:ThedefaultwordUNIXcanbereplacedwiththisoption.retry=NPromptuseratmostNtimesbeforereturningwitherror.Thedefaultis1difok=NThisargumenlwil1changethedefaultof5forthenumberofchciractersinthenewpasswordthatmustnotbepresentintheoldpassword.Inaddition
4、,if1/2ofthecharactersinthenewpasswordaredifferentthenthenewpasswordwillbeacceptedan)^vay.difignore二NHowmanycharactersshouldthepasswordhavebeforedifokwillbeignored・Thedefaultis23.minlen=NTheminimumacceptablesizeforthenewpassword(plusoneifcreditsarenotdisabledwhichisthedefault).Inadditiontothenu
5、mberofcharactersinthenewpassword,credit(of+1inlength)isgivenforeachdifferentkindofcharacter(other,upper,loweranddigit).ThedefauItforthisparemeteris9whichisgoodforaoldstyleUNIXpasswordal1ofthesametypeofcharacterbutmaybetoolowtoexploittheaddedsecurityofamd5systcm.Notethatthereisapairoflongthlimi
6、tsinCracklibitself,a"waytooshort"limitof4whichishardcodedinandadefinedlimit(6)thatwillbecheckedwithoutreferencetominlen.Ifyouwanttoallowpasswordsasshortas5charactersyoushouldnotusethismodule.dcredit=N(N>=0)Thisisthemaximumcreditforhavingdigitsinthenewpassword.IfyouhavelessthanorNdigits,eachdig
7、itwillcount+1towardsmeetingthecurrentminlenvalue.Thedefaultfordcreditis1whichistherecommendedvalueforminlenlessthan10.(N<0)Thisistheminimumnumberofdigitsthatmustbemetforanewpassword.ucredit=N(N>=0)Thisisthemaximumcreditforhavinguppercas
此文档下载收益归作者所有