What does `pam_cracklib.so try_first_pass retry=3 type= minlen=8 ucredit=-1 lcredit=-4 dcredit=-2 ocredit=-1` mean?
Date: 2023-10-04 19:14:04 Views: 339
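These are configuration options for the Cracklib module of PAM (Pluggable Authentication Modules), used to set the password policy. The meaning of each option is as follows:
- `try_first_pass`: if the user has already entered a password during an earlier authentication step, reuse that password before trying the next module.
- `retry=3`: if the first password the user enters is invalid, allow 3 retries.
- `type=`: specifies the password type, which can be `minlen` (minimum length), `dcredit` (digit requirement), `ucredit` (uppercase requirement), `lcredit` (lowercase requirement) or `ocredit` (other-character requirement).
- `minlen=8`: the minimum password length is 8 characters.
- `ucredit=-1`: requires at least one uppercase character; `-1` means that a password containing no uppercase character is considered not to meet the requirement.
- `lcredit=-4`: requires at least one lowercase character; `-4` means that if the password contains only one lowercase character, the score is 0.
- `dcredit=-2`: requires at least one digit; `-2` means that if the password contains only one digit, the score is 0.
- `ocredit=-1`: requires at least one other character; `-1` means that a password containing no other character is considered not to meet the requirement.
The meaning of these options may differ between operating systems and versions. What is given here is a common example.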
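The following is an added example, not code from the original page: a simplified Python model of the length-and-credit rule documented in pam_cracklib(8), where a negative credit N makes at least |N| characters of that class mandatory and a non-negative credit N lets up to N characters of that class count toward `minlen`. The function names and sample passwords are constructed for illustration; the module's dictionary, palindrome and similarity checks are not modelled.

```python
import string

# Defaults documented in pam_cracklib(8): minlen=9, every credit=1.
DEFAULTS = {"minlen": 9, "dcredit": 1, "ucredit": 1, "lcredit": 1, "ocredit": 1}

def parse_cracklib_args(arg_string):
    """Parse 'retry=3 minlen=8 ucredit=-1 ...' into the options modelled here."""
    opts = dict(DEFAULTS)
    for token in arg_string.split():
        key, _, value = token.partition("=")
        if key in opts:
            try:
                opts[key] = int(value)
            except ValueError:
                pass  # malformed value: keep the default
    return opts

def check_password(password, opts):
    """Return the list of violated rules; an empty list means the check passes."""
    counts = {
        "dcredit": sum(c in string.digits for c in password),
        "ucredit": sum(c in string.ascii_uppercase for c in password),
        "lcredit": sum(c in string.ascii_lowercase for c in password),
    }
    counts["ocredit"] = len(password) - sum(counts.values())
    required_len = opts["minlen"]
    problems = []
    for key, have in counts.items():
        credit = opts[key]
        if credit >= 0:
            # Non-negative credit: up to N characters of the class count toward minlen.
            required_len -= min(have, credit)
        elif have < -credit:
            # Negative credit: at least |N| characters of the class are mandatory.
            problems.append(f"{key}: need {-credit}, have {have}")
    if len(password) < required_len:
        problems.append(f"length: need {required_len}, have {len(password)}")
    return problems

# Argument string from the question above; the passwords below are constructed samples.
PAGE_OPTS = parse_cracklib_args(
    "try_first_pass retry=3 type= minlen=8 ucredit=-1 lcredit=-4 dcredit=-2 ocredit=-1")

if __name__ == "__main__":
    for pw in ("Abcdef12!", "Passw0rd!", "ABC12!de"):
        print(pw, check_password(pw, PAGE_OPTS) or "ok")
```

With non-negative credits, `minlen` is not a hard minimum: under `minlen=12` and the default credits of 1, a 10-character password that uses all four classes passes the length rule, while ten lowercase letters do not.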
Related questions
```shell
if [ -f "/etc/pam.d/system-auth" ]; then
    if grep -q "password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1" /etc/pam.d/system-auth
    then
        sed -i '/password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/s/^#//' /etc/pam.d/system-auth
    else
        echo 'password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1' >> /etc/pam.d/system-auth
    fi
    if grep -q "password required pam_unix.so remember=5 use_authtok md5 shadow" /etc/pam.d/system-auth
    then
        sed -i '/password required pam_unix.so remember=5 use_authtok md5 shadow/s/^#//' /etc/pam.d/system-auth
    else
        echo 'password required pam_unix.so remember=5 use_authtok md5 shadow' >> /etc/pam.d/system-auth
    fi
fi
if [ -f "/etc/pam.d/password-auth-ac" ]; then
    if grep -q "password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1" /etc/pam.d/password-auth-ac
    then
        sed -i '/password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/s/^#//' /etc/pam.d/password-auth-ac
    else
        echo 'password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1' >> /etc/pam.d/password-auth-ac
    fi
    if grep -q "password required pam_unix.so remember=5 use_authtok md5 shadow" /etc/pam.d/password-auth-ac
    then
        sed -i '/password required pam_unix.so remember=5 use_authtok md5 shadow/s/^#//' /etc/pam.d/password-auth-ac
    else
        echo 'password required pam_unix.so remember=5 use_authtok md5 shadow' >> /etc/pam.d/password-auth-ac
    fi
fi
```
The following is an example of converting these commands into Python code:
```python
import subprocess

system_auth_file = '/etc/pam.d/system-auth'
password_auth_ac_file = '/etc/pam.d/password-auth-ac'

# Update system-auth file
if subprocess.call(f'[ -f "{system_auth_file}" ]', shell=True) == 0:
    # Uncomment the pam_cracklib line if it is present, otherwise append it
    if subprocess.call(f'grep -q "password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1" {system_auth_file}', shell=True) == 0:
        subprocess.call(f"sed -i '/password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/s/^#//' {system_auth_file}", shell=True)
    else:
        subprocess.call(f"echo 'password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1' >> {system_auth_file}", shell=True)
    # Uncomment the pam_unix line if it is present, otherwise append it
    if subprocess.call(f'grep -q "password required pam_unix.so remember=5 use_authtok md5 shadow" {system_auth_file}', shell=True) == 0:
        subprocess.call(f"sed -i '/password required pam_unix.so remember=5 use_authtok md5 shadow/s/^#//' {system_auth_file}", shell=True)
    else:
        subprocess.call(f"echo 'password required pam_unix.so remember=5 use_authtok md5 shadow' >> {system_auth_file}", shell=True)

# Update password-auth-ac file
if subprocess.call(f'[ -f "{password_auth_ac_file}" ]', shell=True) == 0:
    # Uncomment the pam_cracklib line if it is present, otherwise append it
    if subprocess.call(f'grep -q "password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1" {password_auth_ac_file}', shell=True) == 0:
        subprocess.call(f"sed -i '/password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/s/^#//' {password_auth_ac_file}", shell=True)
    else:
        subprocess.call(f"echo 'password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1' >> {password_auth_ac_file}", shell=True)
    # Uncomment the pam_unix line if it is present, otherwise append it
    if subprocess.call(f'grep -q "password required pam_unix.so remember=5 use_authtok md5 shadow" {password_auth_ac_file}', shell=True) == 0:
        subprocess.call(f"sed -i '/password required pam_unix.so remember=5 use_authtok md5 shadow/s/^#//' {password_auth_ac_file}", shell=True)
    else:
        subprocess.call(f"echo 'password required pam_unix.so remember=5 use_authtok md5 shadow' >> {password_auth_ac_file}", shell=True)
```
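The code above first checks whether the file `/etc/pam.d/system-auth` exists and, if it does, updates it. If the file contains the line `password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1`, its comment marker is removed; otherwise the line is appended to the end of the file. Next, it checks whether the file contains the line `password required pam_unix.so remember=5 use_authtok md5 shadow`, and if it does not, appends that line to the end of the file.
Then it checks whether the file `/etc/pam.d/password-auth-ac` exists and, if it does, updates it. If the file contains the line `password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1`, its comment marker is removed; otherwise the line is appended to the end of the file. Next, it checks whether the file contains the line `password required pam_unix.so remember=5 use_authtok md5 shadow`, and if it does not, appends that line to the end of the file.
Make sure you have sufficient privileges to perform these operations, and that the paths of the files to be modified are set correctly in the `system_auth_file` and `password_auth_ac_file` variables. When the code is run, the commands are executed.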
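An added example, not part of the original answer: the same "uncomment if present, otherwise append" step written in pure Python so that it tolerates column-aligned whitespace and is safe to run twice. It works on an in-memory string rather than the files under `/etc/pam.d`; the function names and the sample file content are constructed for illustration.

```python
def _fields(line):
    """Whitespace-separated fields of a PAM line, ignoring any leading '#'."""
    return line.lstrip().lstrip("#").split()

def ensure_pam_line(text, wanted):
    """Return (new_text, action): 'unchanged', 'uncommented' or 'appended'."""
    target = wanted.split()
    lines = text.splitlines()
    commented = None
    for i, line in enumerate(lines):
        if _fields(line) != target:
            continue
        if not line.lstrip().startswith("#"):
            return text, "unchanged"      # already active: nothing to do
        if commented is None:
            commented = i                 # remember the first commented copy
    if commented is not None:
        lines[commented] = lines[commented].lstrip().lstrip("#").lstrip()
        return "\n".join(lines) + "\n", "uncommented"
    return "\n".join(lines + [wanted]) + "\n", "appended"

CRACKLIB = ("password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 "
            "ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1")
PAM_UNIX = "password required pam_unix.so remember=5 use_authtok md5 shadow"

# Constructed sample: column-aligned fields and a commented-out cracklib line.
SAMPLE = (
    "#%PAM-1.0\n"
    "#password    requisite     pam_cracklib.so retry=3 minlen=8 minclass=3 "
    "ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1\n"
    "password    required      pam_unix.so remember=5 use_authtok md5 shadow\n"
)

def apply_policy(text):
    """Ensure both lines are active; return the new text and the actions taken."""
    actions = []
    for wanted in (CRACKLIB, PAM_UNIX):
        text, action = ensure_pam_line(text, wanted)
        actions.append(action)
    return text, actions

if __name__ == "__main__":
    once, first = apply_policy(SAMPLE)
    twice, second = apply_policy(once)
    print(first, second, once == twice)
```

A literal single-space match for either line finds nothing in this sample, so a match-or-append step based on it would add a second copy of each line; comparing fields avoids that.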
Annotate line by line:
```shell
if [ -f "/etc/pam.d/password" ]; then
    if grep -q "password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1" /etc/pam.d/password
    then
        sed -i '/password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/s/^#//' /etc/pam.d/password
    else
        echo 'password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1' >> /etc/pam.d/password
    fi
    if grep -q "password required pam_unix.so remember=5 use_authtok md5 shadow" /etc/pam.d/password
    then
        sed -i '/password required pam_unix.so remember=5 use_authtok md5 shadow/s/^#//' /etc/pam.d/password
    else
        echo 'password required pam_unix.so remember=5 use_authtok md5 shadow' >> /etc/pam.d/password
    fi
fi
```
This script checks whether the file /etc/pam.d/password exists and modifies it or adds configuration to it. In detail:
```shell
if [ -f "/etc/pam.d/password" ];then
```
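- Checks whether the file /etc/pam.d/password exists. If it exists, the operations below are performed; if it does not, they are skipped and the rest of the script continues.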
```shell
if grep -q "password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1" /etc/pam.d/password
then
    sed -i '/password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1/s/^#//' /etc/pam.d/password
else
    echo 'password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1' >> /etc/pam.d/password
fi
```
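- Checks whether the file /etc/pam.d/password contains the line "password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1".
- If it does, the sed command removes the comment character # at the start of that line, that is, it uncomments the line.
- If it does not, the line "password requisite pam_cracklib.so retry=3 minlen=8 minclass=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1" is appended to the end of the file.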
```shell
if grep -q "password required pam_unix.so remember=5 use_authtok md5 shadow" /etc/pam.d/password
then
    sed -i '/password required pam_unix.so remember=5 use_authtok md5 shadow/s/^#//' /etc/pam.d/password
else
    echo 'password required pam_unix.so remember=5 use_authtok md5 shadow' >> /etc/pam.d/password
fi
```
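- Checks whether the file /etc/pam.d/password contains the line "password required pam_unix.so remember=5 use_authtok md5 shadow".
- If it does, the sed command removes the comment character # at the start of that line, that is, it uncomments the line.
- If it does not, the line "password required pam_unix.so remember=5 use_authtok md5 shadow" is appended to the end of the file.
The purpose of this script is to modify or add the password policy configuration in the file /etc/pam.d/password, including setting password complexity and password history retention.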