How to configure PAM modules to control Linux password policy (page 2)

2025-04-14 19:44:10
Recommended answers (1)
Answer 1:

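First, the password is checked to see whether it is part of the dictionary; if it is not, the following checks are performed.
  Password strength checking process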
  These checks are:
  Palindrome
  Is the new password a palindrome of the old one?
  Case Change Only
  Is the new password the old one with only a change of case?
  Similar
  Is the new password too much like the old one?
  This is primarily controlled by one argument, difok, which is the number of characters that, if different between the old and new passwords, are enough to accept the new password; it defaults to 10 or 1/2 the size of the new password, whichever is smaller.
  To avoid the lockup associated with trying to change a long and complicated password, difignore is available. This argument can be used to specify the minimum length a new password needs to be before the difok value is ignored. The default value for difignore is 23.
  Simple
  Is the new password too small?
  This is controlled by 5 arguments: minlen, dcredit, ucredit, lcredit, and ocredit. See the section on the arguments for the details of how these work and their defaults.
  Rotated
  Is the new password a rotated version of the old password?
  For example, old password: 123
  new password: 231
  Already used
  Was the password used in the past?
  Previously used passwords are to be found in /etc/security/opasswd.
  So how does the system implement this control?
  The system configuration file /etc/pam.d/system-auth contains a line like this:
  password requisite pam_cracklib.so try_first_pass retry=3
  Based on the parameters of pam_cracklib, we can configure this PAM module as follows to achieve what we want:
  password required /lib/security/pam_cracklib.so retry=3 type= minlen=8 difok=3 dictpath=/path/to/dict
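
The old-versus-new checks listed in the answer above (palindrome, case change only, similar, rotated), modelled as an added Python example; it is not part of the original answer and not pam_cracklib's own code. The function names and the similarity metric (characters of the new password that do not occur in the old one) are assumptions, and `difok=3` in the sample run matches the configuration line above.

```python
# Added illustration: a simplified model of the old-vs-new password checks
# listed in the answer. Not pam_cracklib's source; all names are hypothetical.

def is_rotation(old: str, new: str) -> bool:
    """True if new is old rotated by some offset (e.g. 123 -> 231)."""
    return len(old) == len(new) and new in old + old


def differing_chars(old: str, new: str) -> int:
    """Assumed similarity metric: characters of new that do not occur in old."""
    return sum(1 for ch in new if ch not in old)


def check_new_password(old: str, new: str, difok=None, difignore: int = 23) -> list:
    """Return the names of the checks that the new password fails."""
    if difok is None:
        # Default as stated in the answer: 10 or half the new length,
        # whichever is smaller.
        difok = min(10, len(new) // 2)
    failures = []
    if new == old[::-1]:
        failures.append("palindrome")
    if new.lower() == old.lower():
        failures.append("case change only")
    # difignore: passwords at least this long skip the difok comparison.
    if len(new) < difignore and differing_chars(old, new) < difok:
        failures.append("similar")
    if is_rotation(old, new):
        failures.append("rotated")
    return failures


if __name__ == "__main__":
    # Constructed sample pairs (old, new); not real credentials.
    samples = [
        ("123", "231"),                     # rotation example from the answer
        ("Winter2024x", "wINTER2024X"),     # only the case changes
        ("abcdefgh", "hgfedcba"),           # old password reversed
        ("Winter2024x", "Qp7#mLz!vR9d"),    # unrelated password
    ]
    for old, new in samples:
        result = check_new_password(old, new, difok=3)
        print(f"{old!r} -> {new!r}: {result or 'accepted'}")
```

The second sample passes the case-sensitive difok comparison (7 characters differ) and is caught only by the case-change check, which is why the two checks are listed separately.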