# set 8 for minimum password length
[root@linuxprobe~]# authconfig --passminlen=8 --update
# the parameter is set in a config below
[root@linuxprobe~]# grep "^minlen" /etc/security/pwquality.conf
minlen = 8
# 在新密碼中設(shè)置同一類的允許連續(xù)字符的最大數(shù)目
# set 4 for maximum number of allowed consecutive characters of the same class
[root@linuxprobe~]# authconfig --passmaxclassrepeat=4 --update
# the parameter is set in a config below
[root@linuxprobe~]# grep "^maxclassrepeat" /etc/security/pwquality.conf
maxclassrepeat = 4
# 在新密碼中至少需要一個(gè)小寫字符。
[root@linuxprobe~]# authconfig --enablereqlower --update
# the parameter is set in a config below
# (if you'd like to edit the value, edit it with vi and others)
[root@linuxprobe~]# grep "^lcredit" /etc/security/pwquality.conf
lcredit = -1
# 在新密碼中至少需要一個(gè)大寫字符
[root@linuxprobe~]# authconfig --enablerequpper --update
# the parameter is set in a config below
# (if you'd like to edit the value, edit it with vi and others)
[root@linuxprobe~]# grep "^ucredit" /etc/security/pwquality.conf
ucredit = -1
# 在新密碼中至少需要一個(gè)數(shù)字
[root@linuxprobe~]# authconfig --enablereqdigit --update
# the parameter is set in a config below
# (if you'd like to edit the value, edit it with vi and others)
[root@linuxprobe~]# grep "^dcredit" /etc/security/pwquality.conf
dcredit = -1
# 密碼包括至少一個(gè)特殊字符
[root@linuxprobe~]# authconfig --enablereqother --update
# the parameter is set in a config below
# (if you'd like to edit the value, edit it with vi and others)
[root@linuxprobe~]# grep "^ocredit" /etc/security/pwquality.conf
ocredit = -1
# 在新密碼中設(shè)置單調(diào)字符序列的最大長(zhǎng)度。 (ex⇒'12345','fedcb')
[root@linuxprobe~]# vi /etc/security/pwquality.conf
# add to the end
maxsequence = 3
# 設(shè)置新密碼中不能出現(xiàn)在舊密碼中的字符數(shù)
[root@linuxprobe~]# vi /etc/security/pwquality.conf
# add to the end
difok = 5
# 檢查來(lái)自用戶passwd條目的GECOS字段的長(zhǎng)度超過(guò)3個(gè)字符的字是否包含在新密碼中。
[root@linuxprobe~]# vi /etc/security/pwquality.conf
# add to the end
gecoscheck = 1
# 設(shè)置不能包含在密碼中的Ssace分隔的單詞列表
[root@linuxprobe~]# vi /etc/security/pwquality.conf
# add to the end
badwords = denywords1 denywords2 denywords3
# 為新密碼設(shè)置hash / crypt算法。 (默認(rèn)為sha512)
# show current algorithm
[root@linuxprobe~]# authconfig --test | grep hashing
password hashing algorithm is md5
# chnage algorithm to sha512
[root@linuxprobe~]# authconfig --passalgo=sha512 --update
[root@linuxprobe~]# authconfig --test | grep hashing
password hashing algorithm is sha512