cent6, cent7 패스워드 복잡성 설정방법

centos 6버전

find / -name pam_cracklib.so
ll /lib64/security/ | grep pam_cracklib.so

vi /etc/pam.d/system-auth

password    requisite     pam_cracklib.so try_first_pass retry=5 type= minlen=8 lcredit=-1 
ucredit=-1 dcredit=-1 ocredit=-1

retry=3 : password 변경 때 3번 틀리면 변경 실패
minlen=8 : 최소 8자리 이상의 문자
lcredit=-1 : 최소 1개 이상의 소문자 포함
ucredit=-1 : 최소 1개 이상의 대문자 포함
dcredit=-1 : 최소 1개 이상의 숫자 포함
ocredit=-1 : 최소 1개 이상의 특수문자 포함


---------------------------------------------------------------------------------------

centos 7버전

pam_cracklib.so이 pam_pwquality.so로 변경

find / -name pam_pwquality.so
ll /lib64/security/ | grep pam_pwquality.so

/etc/security/pwquality.conf

  minlen = 8              // 최소 암호 길이  - 1. 과 중복?
  dcredit = -1            // 패스워드에 숫자 필요
  ucredit = -1            // 패스워드에 영문 대문자 필요
  lcredit = -1             // 패스워드에 영문 소문자 필요 
  ocredit = -1            // 패스워드에 특수문자 필요
  ※ 위 네가지(숫자, 대문자, 소문자, 특수문자)를 모두 포함하는 설정은 "minclass"


후에 pwquality.conf를 읽도록 pam 모듈에 추가

vi /etc/pam.d/system-auth-ac
password    required      pam_pwquality.so enforce_for_root

vi /etc/pam.d/password-auth-ac
password    required      pam_pwquality.so enforce_for_root