Home System Tutorial LINUX How to set password rules in centos7? How to set password rules in centos7

How to set password rules in centos7? How to set password rules in centos7

Jan 07, 2024 pm 01:17 PM
centos7 Password rules

Set password rules for security reasons

设置密码到期的天数。 
用户必须在天内更改密码。 
此设置仅影响创建用户,而不会影响现有用户。 
如果设置为现有用户,请运行命令“chage -M(days)(user)”。
Copy after login
PASS_MAX_DAYS 60 # 密码到期时间
PASS_MIN_DAYS 3# 初始密码更改时间
PASS_MIN_LEN8# 密码最小长度
PASS_WARN_AGE 7# 密码过期提示时间
Copy after login

Restricted use of repeated passwords

 [root@linuxprobe~]# vi /etc/pam.d/system-auth
# near line 15: prohibit to use the same password for 5 generation in past

password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5
Copy after login

Set the minimum password length. Users cannot set a password length smaller than this parameter.

 # set 8 for minimum password length

[root@linuxprobe~]# authconfig --passminlen=8 --update
# the parameter is set in a config below

[root@linuxprobe~]# grep "^minlen" /etc/security/pwquality.conf
minlen = 8 

# 在新密码中设置同一类的允许连续字符的最大数目
 # set 4 for maximum number of allowed consecutive characters of the same class

[root@linuxprobe~]# authconfig --passmaxclassrepeat=4 --update
# the parameter is set in a config below

[root@linuxprobe~]# grep "^maxclassrepeat" /etc/security/pwquality.conf
maxclassrepeat = 4 

# 在新密码中至少需要一个小写字符。
 [root@linuxprobe~]# authconfig --enablereqlower --update
# the parameter is set in a config below
# (if you'd like to edit the value, edit it with vi and others)

[root@linuxprobe~]# grep "^lcredit" /etc/security/pwquality.conf
lcredit = -1 

# 在新密码中至少需要一个大写字符
 [root@linuxprobe~]# authconfig --enablerequpper --update
# the parameter is set in a config below

# (if you'd like to edit the value, edit it with vi and others)
[root@linuxprobe~]# grep "^ucredit" /etc/security/pwquality.conf
ucredit = -1 

# 在新密码中至少需要一个数字
 [root@linuxprobe~]# authconfig --enablereqdigit --update
# the parameter is set in a config below

# (if you'd like to edit the value, edit it with vi and others)
[root@linuxprobe~]# grep "^dcredit" /etc/security/pwquality.conf
dcredit = -1 

# 密码包括至少一个特殊字符
 [root@linuxprobe~]# authconfig --enablereqother --update
# the parameter is set in a config below

# (if you'd like to edit the value, edit it with vi and others)
[root@linuxprobe~]# grep "^ocredit" /etc/security/pwquality.conf
ocredit = -1 

# 在新密码中设置单调字符序列的最大长度。 (ex⇒'12345','fedcb')
 [root@linuxprobe~]# vi /etc/security/pwquality.conf
# add to the end
maxsequence = 3 

# 设置新密码中不能出现在旧密码中的字符数
 [root@linuxprobe~]# vi /etc/security/pwquality.conf
# add to the end
difok = 5 

# 检查来自用户passwd条目的GECOS字段的长度超过3个字符的字是否包含在新密码中。
 [root@linuxprobe~]# vi /etc/security/pwquality.conf
# add to the end
gecoscheck = 1 

# 设置不能包含在密码中的Ssace分隔的单词列表
 [root@linuxprobe~]# vi /etc/security/pwquality.conf
# add to the end
badwords = denywords1 denywords2 denywords3 

# 为新密码设置hash / crypt算法。 (默认为sha512)
# show current algorithm

[root@linuxprobe~]# authconfig --test | grep hashing

password hashing algorithm is md5
# chnage algorithm to sha512

[root@linuxprobe~]# authconfig --passalgo=sha512 --update
[root@linuxprobe~]# authconfig --test | grep hashing
password hashing algorithm is sha512 
Copy after login

The above is the detailed content of How to set password rules in centos7? How to set password rules in centos7. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

CentOS7 various version image download addresses and version descriptions (including Everything version) CentOS7 various version image download addresses and version descriptions (including Everything version) Feb 29, 2024 am 09:20 AM

When loading CentOS-7.0-1406, there are many optional versions. For ordinary users, they don’t know which one to choose. Here is a brief introduction: (1) CentOS-xxxx-LiveCD.ios and CentOS-xxxx- What is the difference between bin-DVD.iso? The former only has 700M, and the latter has 3.8G. The difference is not only in size, but the more essential difference is that CentOS-xxxx-LiveCD.ios can only be loaded into the memory and run, and cannot be installed. Only CentOS-xxx-bin-DVD1.iso can be installed on the hard disk. (2) CentOS-xxx-bin-DVD1.iso, Ce

Steps to enter CentOS 7 emergency repair mode Steps to enter CentOS 7 emergency repair mode Jan 13, 2024 am 09:36 AM

Open the centos7 page and appear: welcome to emergency mode! afterloggingin, type "journalctl -xb" to viewsystemlogs, "systemctlreboot" toreboot, "systemctldefault" to tryagaintobootintodefaultmode. giverootpasswordformaintenance(??Control-D???): Solution: execute r

How to install mbstring extension under CENTOS7? How to install mbstring extension under CENTOS7? Jan 06, 2024 pm 09:59 PM

1.UncaughtError:Calltoundefinedfunctionmb_strlen(); When the above error occurs, it means that we have not installed the mbstring extension; 2. Enter the PHP installation directory cd/temp001/php-7.1.0/ext/mbstring 3. Start phpize(/usr/local/bin /phpize or /usr/local/php7-abel001/bin/phpize) command to install php extension 4../configure--with-php-config=/usr/local/php7-abel

How to install Mysql in CentOS7 and set it to start automatically at boot How to install Mysql in CentOS7 and set it to start automatically at boot Jun 02, 2023 pm 08:36 PM

Centos7 does not have a mysql database. The default database is mariadb (a branch of mysql). You can install the mysql database manually by following the steps below. 1. Download the rpm installation file wgethttp://repo.mysql.com/mysql-community-release-el7.rpm 2. Execute rpm to install rpm-ivhmysql-community-release-el7.rpm. After the dependency resolution is completed, the following options appear: dependenciesresolved =================================

How to set password rules in centos7? How to set password rules in centos7 How to set password rules in centos7? How to set password rules in centos7 Jan 07, 2024 pm 01:17 PM

Set password rules for security reasons Set the number of days after which passwords expire. User must change password within days. This setting only affects created users, not existing users. If setting to an existing user, run the command "chage -M (days) (user)". PASS_MAX_DAYS60#Password expiration time PASS_MIN_DAYS3#Initial password change time PASS_MIN_LEN8#Minimum password length PASS_WARN_AGE7#Password expiration prompt time Repeat password restriction use [root@linuxprobe~]#vi/etc/pam.d/system-auth#nearline15:

How to access and clean junk files in /tmp directory in CentOS 7? How to access and clean junk files in /tmp directory in CentOS 7? Dec 27, 2023 pm 09:10 PM

There is a lot of garbage in the tmp directory in the centos7 system. If you want to clear the garbage, how should you do it? Let’s take a look at the detailed tutorial below. To view the list of files in the tmp file directory, execute the command cdtmp/ to switch to the current file directory of tmp, and execute the ll command to view the list of files in the current directory. As shown below. Use the rm command to delete files. It should be noted that the rm command deletes files from the system forever. Therefore, it is recommended that when using the rm command, it is best to give a prompt before deleting the file. Use the command rm-i file name, wait for the user to confirm deletion (y) or skip deletion (n), and the system will perform corresponding operations. As shown below.

How to modify and set the default shortcut keys of CentOS7? How to modify and set the default shortcut keys of CentOS7? Jan 09, 2024 pm 06:14 PM

When the default shortcut keys conflict with the keys of the software you are using or you need to use the shortcut keys according to your own habits, you have to modify and set the default shortcut keys. How to modify the default shortcut keys of CentOS7? Let’s take a look at the detailed tutorial below. 1. Start the Centos7 system in the virtual machine and enter the desktop. 2. Click Applications->System Tools->Settings in the upper left corner. 3. Enter the setting interface and click the device. 4. Select Keyboard and click any item on the right. And press the shortcut key to be set on the keyboard to change its shortcut key (note that some cannot be changed!) 5. After the change, as shown below, finally click Settings, so that the shortcut key setting modification is completed.

Disable IPv6 for CentOS 7, use only IPv4 Disable IPv6 for CentOS 7, use only IPv4 Jan 15, 2024 pm 10:39 PM

centos7 uses the ipv6 protocol. If a problem occurs, it will be difficult to troubleshoot. So if you want to turn off ipv6, how should you turn it off? Let’s take a look at the detailed tutorial below. 1. Use the ifconfig command to check the network card information. If inet6fe80::20c:29ff:fed0:3514 appears, it means that the machine has ipv62 enabled. Edit the /etc/sysctl.conf configuration and add net.ipv6.conf.all.disable_ipv6=13. Edit /etc/sysconfig/network configuration, add NETWORKING_IPV6=no, save and exit 4. Edit /etc/s

See all articles