How to set password rules in centos7? How to set password rules in centos7

Set password rules for security reasons

设置密码到期的天数。 
用户必须在天内更改密码。 
此设置仅影响创建用户，而不会影响现有用户。 
如果设置为现有用户，请运行命令“chage -M（days）（user）”。

PASS_MAX_DAYS 60 # 密码到期时间
PASS_MIN_DAYS 3# 初始密码更改时间
PASS_MIN_LEN8# 密码最小长度
PASS_WARN_AGE 7# 密码过期提示时间

Restricted use of repeated passwords

 [root@linuxprobe~]# vi /etc/pam.d/system-auth
# near line 15: prohibit to use the same password for 5 generation in past

password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5

Set the minimum password length. Users cannot set a password length smaller than this parameter.

 # set 8 for minimum password length

[root@linuxprobe~]# authconfig --passminlen=8 --update
# the parameter is set in a config below

[root@linuxprobe~]# grep "^minlen" /etc/security/pwquality.conf
minlen = 8 

# 在新密码中设置同一类的允许连续字符的最大数目
 # set 4 for maximum number of allowed consecutive characters of the same class

[root@linuxprobe~]# authconfig --passmaxclassrepeat=4 --update
# the parameter is set in a config below

[root@linuxprobe~]# grep "^maxclassrepeat" /etc/security/pwquality.conf
maxclassrepeat = 4 

# 在新密码中至少需要一个小写字符。
 [root@linuxprobe~]# authconfig --enablereqlower --update
# the parameter is set in a config below
# (if you'd like to edit the value, edit it with vi and others)

[root@linuxprobe~]# grep "^lcredit" /etc/security/pwquality.conf
lcredit = -1 

# 在新密码中至少需要一个大写字符
 [root@linuxprobe~]# authconfig --enablerequpper --update
# the parameter is set in a config below

# (if you'd like to edit the value, edit it with vi and others)
[root@linuxprobe~]# grep "^ucredit" /etc/security/pwquality.conf
ucredit = -1 

# 在新密码中至少需要一个数字
 [root@linuxprobe~]# authconfig --enablereqdigit --update
# the parameter is set in a config below

# (if you'd like to edit the value, edit it with vi and others)
[root@linuxprobe~]# grep "^dcredit" /etc/security/pwquality.conf
dcredit = -1 

# 密码包括至少一个特殊字符
 [root@linuxprobe~]# authconfig --enablereqother --update
# the parameter is set in a config below

# (if you'd like to edit the value, edit it with vi and others)
[root@linuxprobe~]# grep "^ocredit" /etc/security/pwquality.conf
ocredit = -1 

# 在新密码中设置单调字符序列的最大长度。 （ex⇒'12345'，'fedcb'）
 [root@linuxprobe~]# vi /etc/security/pwquality.conf
# add to the end
maxsequence = 3 

# 设置新密码中不能出现在旧密码中的字符数
 [root@linuxprobe~]# vi /etc/security/pwquality.conf
# add to the end
difok = 5 

# 检查来自用户passwd条目的GECOS字段的长度超过3个字符的字是否包含在新密码中。
 [root@linuxprobe~]# vi /etc/security/pwquality.conf
# add to the end
gecoscheck = 1 

# 设置不能包含在密码中的Ssace分隔的单词列表
 [root@linuxprobe~]# vi /etc/security/pwquality.conf
# add to the end
badwords = denywords1 denywords2 denywords3 

# 为新密码设置hash / crypt算法。 （默认为sha512）
# show current algorithm

[root@linuxprobe~]# authconfig --test | grep hashing

password hashing algorithm is md5
# chnage algorithm to sha512

[root@linuxprobe~]# authconfig --passalgo=sha512 --update
[root@linuxprobe~]# authconfig --test | grep hashing
password hashing algorithm is sha512 

The above is the detailed content of How to set password rules in centos7? How to set password rules in centos7. For more information, please follow other related articles on the PHP Chinese website!