작성자의 요청이 있을경우 자삭 함.
패스워드 등록시 최소 길이, 대/소문자 넣기 등등의 정책을 만들경우 해당되는 내용임
Issue:
Limitation:
Red Hat Enterprise Linux 3 Update 4 and later
In Red Hat Enterprise Linux Version 3 Update 4 and later, the PAM module pam_cracklib can be used to force password complexity requirements.
By making a simple change to the pam_cracklib.so line in /etc/pam.d/system-auth the following password characteristics can be required:
- Minimum password length (minlen)
- Minimum number of lower case letters (lcredit)
- Minimum number of upper case letters (ucredit)
- Minimum number of numeric characters (dcredit)
- Minimum number of non-alphanumeric characters (ocredit)
The following example shows a modified /etc/pam.d/system-auth pam_cracklib line:
password required /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1
With the above example users would be required to choose passwords that are at least 8 characters long, that have at least one lower case character, one uppercase character, one number and one special character. Note that to require any of these characteristics a negative number is specified.
The output below illustrates what happens when a user tries to make a password that does not meet these requirements:
[test500@localhost ~]$ passwd Changing password for user test500. Changing password for test500 (current) UNIX password: New UNIX password: BAD PASSWORD: is too simple New UNIX password:Password complexity is one of the most effective, and simple, security measures an administrator can implement.
(0) 
(0)Posted by 삐꾸강아쥐
