0

我对 linux passwd 策略有一些了解,我已经建立了一个新用户

useradd testuser

我想在abtestuserab 输入时设置测试用户的密码

passwd testuser

输入abtestuserab 失败,终端报错

BAD PASSWORD: The password contains the user name in some form

那么,如何使密码有效。/etc/pam.d/system-auth 是这样的

auth        required      pam_tally2.so onerr=fail deny=10 unlock_time=600 root_unlock_time=600 audit
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     required      pam_permit.so

password    requisite     pam_pwquality.so minlen=9 try_first_pass local_users_only retry=3 authtok_type= enforce_for_root ocredit=0 lcredit=-1 ucredit=-1 dcredit=-1 [badw
ords=first2012++]
password    required      pam_pwhistory.so remember=10 use_authtok enforce_for_root
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
4

1 回答 1

5

以下对我有用:

/tmp ❯❯❯ sudo su
[sudo] password for wani: 
/tmp # ❯❯❯ useradd testuser
/tmp # ❯❯❯ echo -e "abtestuserab\nabtestuserab" | passwd testuser
Changing password for user testuser.
New password: BAD PASSWORD: The password contains the user name in some form
Retype new password: passwd: all authentication tokens updated successfully.
/tmp # ❯❯❯

如果我是root用户,那么BAD PASSWORD文本只是一个警告。

于 2016-08-05T04:25:21.040 回答