Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to set password rules for centos7. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

Set password rules for security reasons

Sets the number of days for the password to expire. The user must change the password within days. This setting affects only the created users, not the existing users. If set to an existing user, run the command "chage-M (days) (user)". PASS_MAX_DAYS 60 # password expiration time PASS_MIN_DAYS 3 # initial password change time PASS_MIN_LEN 8 # password minimum length PASS_WARN_AGE 7 # password expiration prompt time

Duplicate passwords restrict use

[root@linuxprobe~] # vi / etc/pam.d/system-auth# near line 15: prohibit to use the same password for 5 generation in pastpassword sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=5

Sets the minimum password length. Users cannot set a password length that is less than this parameter.

# set 8 for minimum password length [root@linuxprobe~] # authconfig-- passminlen=8-- update# the parameter is set in a config below [root@linuxprobe~] # grep "^ minlen" / etc/security/pwquality.confminlen = 8 # set the maximum number of consecutive characters of the same class in the new password # set 4 for maximum number of allowed consecutive characters of the same class [root@linuxprobe~] # authconfig-passmaxclassrepeat=4-update# the parameter is set in a config below [root@linuxprobe~] # grep "^ maxclassrepeat "/ etc/security/pwquality.confmaxclassrepeat = 4 # requires at least one lowercase character in the new password. [root@linuxprobe~] # authconfig-- enablereqlower-- update# the parameter is set in a config below# (if you'd like to edit the value, edit it with vi and others) [root@linuxprobe~] # grep "^ lcredit" / etc/security/pwquality.conflcredit =-1 # at least one uppercase character [root@linuxprobe~] # authconfig-- enablerequpper-- update# the parameter is set in a config below# (if you'd like to edit the value) is required in the new password Edit it with vi and others) [root@linuxprobe~] # grep "^ ucredit" / etc/security/pwquality.confucredit =-1 # at least one number is required in the new password [root@linuxprobe~] # authconfig-- enablereqdigit-- update# the parameter is set in a config below# (if you'd like to edit the value Edit it with vi and others) [root@linuxprobe~] # grep "^ dcredit" / etc/security/pwquality.confdcredit =-1 # password includes at least one special character [root@linuxprobe~] # authconfig-- enablereqother-- update# the parameter is set in a config below# (if you'd like to edit the value, edit it with vi and others) [root@linuxprobe~] # grep "^ ocredit" / etc/security/pwquality.confocredit =-1 # sets the maximum length of a monotonous character sequence in the new password. [root@linuxprobe~] # vi / etc/security/pwquality.conf# add to the endmaxsequence = 3 # set the number of characters in the new password that cannot appear in the old password [root@linuxprobe~] # vi / etc/security/pwquality.conf# add to the enddifok = 5 # check whether words longer than 3 characters in the GECOS field of the user's passwd entry are included in the new password. [root@linuxprobe~] # vi / etc/security/pwquality.conf# add to the endgecoscheck = 1 # set the list of Ssace-separated words that cannot be included in the password [root@linuxprobe~] # vi / etc/security/pwquality.conf# add to the endbadwords = denywords1 denywords2 denywords3 # set the hash / crypt algorithm for the new password. (default is sha512) # show current algorithm [root@linuxprobe~] # authconfig-- test | grep hashingpassword hashing algorithm is md5# chnage algorithm to sha512 [root@linuxprobe~] # authconfig-- passalgo=sha512-- update [root@linuxprobe~] # authconfig-- test | this is the end of grep hashingpassword hashing algorithm is sha512's article on "how to set password rules for centos7". I hope the above content can be helpful to you, so that you can learn more knowledge, if you think the article is good. Please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.