登录提示 Your password has expired!(root enforced)
连有root权限的用户也要改,但是输入新密码总是提示 Bad password: is too simple.
怎么输入新密码都提示这个 ===》》》 解决办法:密码还不够复杂!用这个:9#kwT7rhSX^mQ&@I 作为新密码登录具有root权限的用户,再使用下面的命令更改为简单些的密码
$ sudo passwd user-name # 仍会提示秘密too simple,但是能成功修改
深层次原因:
1) /etc/pam.d/common-password 中有一句下面这样的命令
password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
改为
password [success=1 default=ignore] pam_unix.so minlen=1 sha512
(改完后好像要重启还是怎么的才能生效,类似于source .bashrc这种操作,暂时没找到怎么做)
其中obscure会进行额外的密码健壮性检查,用$ man pam_unix 可以查看,包括
obscure Enable some extra checks on password strength. These checks are based on the "obscure" checks in the original shadow package. The behavior is similar to the pam_cracklib module, but for non-dictionary-based checks. The following checks are implemented: Palindrome Verifies that the new password is not a palindrome of (i.e., the reverse of) the previous one. Case Change Only Verifies that the new password isn't the same as the old one with a change of case. Similar Verifies that the new password isn't too much like the previous one. Simple Is the new password too simple? This is based on the length of the password and the number of different types of characters (alpha, numeric, etc.) used. Rotated Is the new password a rotated version of the old password? (E.g., "billy" and "illyb")
可以看到,simple提示就是说明需要字符、数字等在密码内,密码足够复杂才能通过检查。
2)针对密码到期的问题,可以使用下面的命令查看和修改密码的有效期
$ chage -l user-name # 查看密码有效期
$ chage -M -1 user-name # 修改最长有效期为 -1