登錄提示 Your password has expired!(root enforced)
連有root權限的用戶也要改,但是輸入新密碼總是提示 Bad password: is too simple.
怎么輸入新密碼都提示這個 ===》》》 解決辦法:密碼還不夠復雜!用這個:9#kwT7rhSX^mQ&@I 作為新密碼登錄具有root權限的用戶,再使用下面的命令更改為簡單些的密碼
$ sudo passwd user-name # 仍會提示秘密too simple,但是能成功修改
深層次原因:
1) /etc/pam.d/common-password 中有一句下面這樣的命令
password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
改為
password [success=1 default=ignore] pam_unix.so minlen=1 sha512
(改完后好像要重啟還是怎么的才能生效,類似於source .bashrc這種操作,暫時沒找到怎么做)
其中obscure會進行額外的密碼健壯性檢查,用$ man pam_unix 可以查看,包括
obscure Enable some extra checks on password strength. These checks are based on the "obscure" checks in the original shadow package. The behavior is similar to the pam_cracklib module, but for non-dictionary-based checks. The following checks are implemented: Palindrome Verifies that the new password is not a palindrome of (i.e., the reverse of) the previous one. Case Change Only Verifies that the new password isn't the same as the old one with a change of case. Similar Verifies that the new password isn't too much like the previous one. Simple Is the new password too simple? This is based on the length of the password and the number of different types of characters (alpha, numeric, etc.) used. Rotated Is the new password a rotated version of the old password? (E.g., "billy" and "illyb")
可以看到,simple提示就是說明需要字符、數字等在密碼內,密碼足夠復雜才能通過檢查。
2)針對密碼到期的問題,可以使用下面的命令查看和修改密碼的有效期
$ chage -l user-name # 查看密碼有效期
$ chage -M -1 user-name # 修改最長有效期為 -1