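The requirement here is that a user setting a new password must not reuse any of their 10 most recently used passwords.
If a user tries to set a password that is among the last 10 used, he/she receives an error like the following: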
    Changing password for user test.
    New UNIX password:
    Retype new UNIX password:
    Password has been already used.
    passwd: all authentication tokens updated successfully.
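This is a security measure that helps ensure passwords are not compromised by attackers, because users keep setting a new password each time their password expires.
Follow the steps below to set up the password restriction.
- Edit the file /etc/pam.d/system-auth so that it includes the PAM module pam_pwhistory after the first occurrence of the password requisite line: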
    # cat /etc/pam.d/system-auth
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      pam_env.so
    auth        sufficient    pam_unix.so nullok try_first_pass
    auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
    auth        required      pam_deny.so
    account     required      pam_unix.so
    account     sufficient    pam_localuser.so
    account     sufficient    pam_succeed_if.so uid < 1000 quiet
    account     required      pam_permit.so
    password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
    password    requisite     pam_pwhistory.so debug use_authtok remember=10 retry=3
    password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    password    required      pam_deny.so
    session     optional      pam_keyinit.so revoke
    session     required      pam_limits.so
    -session    optional      pam_systemd.so
    session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session     required      pam_unix.so
- Now try to change the user's password.
    # passwd test
    [Enter already used password]
You will now see the system report an error saying that the password has already been used in the past.
    Changing password for user test.
    New UNIX password:
    Retype new UNIX password:
    Password has been already used.
    passwd: all authentication tokens updated successfully.
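To confirm the configuration without test-changing a password, the following added example (not part of the original page) audits a PAM file's password stack: pam_pwhistory.so must be present, its remember value must meet the minimum, it must precede pam_unix.so, and pam_unix.so must carry use_authtok. The function name check_pwhistory and the temp-file demo are assumptions; only options written on the PAM line itself are read.

```sh
# Added example (not from the original page): audit the password stack of a PAM file.
# Usage: check_pwhistory FILE [MIN_REMEMBER]; returns 0 only if the stack is compliant.
check_pwhistory() {
    awk -v min="${2:-10}" '
        # Commented-out lines start with "#", so their first field never matches.
        $1 == "password" || $1 == "-password" {
            n++
            if ($0 ~ /pam_pwhistory\.so/ && !hist) {
                hist = n
                remember = 10            # module default when remember= is absent
                for (i = 3; i <= NF; i++)
                    if ($i ~ /^remember=[0-9]+$/) remember = substr($i, 10) + 0
            }
            if ($0 ~ /pam_unix\.so/ && !ux) {
                ux = n
                # Without use_authtok, pam_unix prompts again and bypasses the vetted token.
                authtok = ($0 ~ /[ \t]use_authtok([ \t]|$)/)
            }
        }
        END {
            if (!hist)              { print "FAIL: pam_pwhistory.so not in password stack"; exit 1 }
            if (remember < min)     { print "FAIL: remember=" remember " is below " min; exit 1 }
            if (!ux || hist > ux)   { print "FAIL: pam_pwhistory.so must precede pam_unix.so"; exit 1 }
            if (!authtok)           { print "FAIL: pam_unix.so is missing use_authtok"; exit 1 }
            print "OK: remember=" remember
        }' "$1"
}

# Constructed sample input: the password stack shown above, written to a temp file.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#%PAM-1.0
password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password    requisite     pam_pwhistory.so debug use_authtok remember=10 retry=3
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so
EOF
check_pwhistory "$demo" 10
rm -f "$demo"
```

On a real host, run it as `check_pwhistory /etc/pam.d/system-auth 10`; a non-zero exit status means the history requirement is not enforced as described.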
Date: 2020-09-17 00:11:52 Source: oir Author: oir