Creating a Password Policy in Linux

Hello again! Classes in the new "Linux Administrator" course group start tomorrow, and on that occasion we are publishing a useful article on the topic.

In a previous tutorial we showed you how to use pam_cracklib to make passwords more complex on Red Hat 6 or CentOS systems. In Red Hat 7, pam_pwquality replaced cracklib as the default pam module for checking passwords. The pam_pwquality module is also supported on Ubuntu and CentOS, as well as on many other operating systems. This module makes it easy to create password policies that ensure users follow your password strength standards.

For a long time, the common approach to passwords was to force the user to use uppercase letters, lowercase letters, digits, or other characters. These basic password complexity rules have been widely promoted over the past ten years. There has been a lot of discussion about whether this is good practice or not. The main argument against setting such complex conditions is that users write their passwords down on paper and store them insecurely.

Another policy that has recently been called into question forces users to change their password every x days. Some studies have shown that this is also detrimental to security.

Many articles have been written on these discussions, arguing for one point of view or another. But that is not what we will discuss in this article. This article covers how to set password complexity correctly, rather than how to manage security policy.

Password Policy Settings

Below you will find the password policy options and a brief description of each. Many of them are similar to the parameters of the cracklib module. This makes it easier to port your policies from legacy systems.

  • difok - The number of characters in your new password that must not be present in your old password. (Default 5)
  • minlen - The minimum password length. (Default 9)
  • ucredit - The maximum credit for using uppercase characters (if the parameter is > 0), or the minimum required number of uppercase characters (if the parameter is < 0). Default is 1.
  • lcredit - The maximum credit for using lowercase characters (if the parameter is > 0), or the minimum required number of lowercase characters (if the parameter is < 0). Default is 1.
  • dcredit - The maximum credit for using digits (if the parameter is > 0), or the minimum required number of digits (if the parameter is < 0). Default is 1.
  • ocredit - The maximum credit for using other characters (if the parameter is > 0), or the minimum required number of other characters (if the parameter is < 0). Default is 1.
  • minclass - Sets the number of required classes. The classes are the ones listed above (uppercase characters, lowercase characters, digits, and other characters). Default is 0.
  • maxrepeat - The maximum number of times a character can be repeated in the password. Default is 0.
  • maxclassrepeat - The maximum number of consecutive characters of the same class. Default is 0.
  • gecoscheck - Checks whether the password contains any words from the user's GECOS string (user information such as real name, location, and so on). Default is 0 (off).
  • dictpath - The path to the cracklib dictionaries.
  • badwords - Space-separated words that are forbidden in passwords (the company name, the word "password", and so on).

If the concept of credits sounds strange, don't worry, that is normal. We will talk about it in more detail in the sections below.

Password Policy Configuration

Before you start editing configuration files, it is good practice to write down a basic password policy first. For example, we will use the following complexity rules:

  • The password must be at least 15 characters long.
  • The same character must not be repeated more than twice in the password.
  • Character classes can be repeated up to four times in the password.
  • The password must contain characters from every class.
  • The new password must have 5 new characters compared to the old one.
  • Enable the GECOS check.
  • Forbid the words "password, pass, word, putorius"

Now that we have laid out the policy, we can edit the file /etc/security/pwquality.conf to raise the password complexity requirements. Below is an example file with comments to make it easier to understand.

# Make sure 5 characters in new password are new compared to old password
difok = 5
# Set the minimum length acceptable for new passwords
minlen = 15
# Require at least 2 digits
dcredit = -2
# Require at least 2 upper case letters
ucredit = -2
# Require at least 2 lower case letters
lcredit = -2
# Require at least 2 special characters (non-alphanumeric)
ocredit = -2
# Require a character from every class (upper, lower, digit, other)
minclass = 4
# Only allow each character to be repeated twice, avoid things like LLL
maxrepeat = 2
# Only allow a class to be repeated 4 times
maxclassrepeat = 4
# Check user information (Real name, etc) to ensure it is not used in password
gecoscheck = 1
# Leave default dictionary path
dictpath =
# Forbid the following words in passwords
badwords = password pass word putorius

As you may have noticed, some of the parameters in our file are redundant. For example, the minclass parameter is redundant, since we already require at least two characters from each class through the [u,l,d,o]credit fields. Our list of forbidden words is also redundant, since we have forbidden repeating any class 4 times (all the words in our list are written in lowercase characters). I included these options only to demonstrate how to use them when configuring your password policy.

Once you have created your policy, you can force users to change their passwords the next time they log in to the system.

Another oddity you may have noticed is that the [u,l,d,o]credit fields contain negative numbers. This is because numbers greater than or equal to 0 give credit for using that kind of character in your password. If the field contains a negative number, it means that a certain quantity is required.

What are credits?

I call them credits because that conveys their purpose as accurately as possible. If the parameter value is greater than 0, you add a number of "character credits" equal to "x" to the password length. For example, if all the (u,l,d,o)credit parameters are set to 1 and the required password length is 6, then you need 6 characters to satisfy the length requirement, because every uppercase letter, lowercase letter, digit, or other character gives you one credit.

If you set dcredit to 2, you could theoretically use a password that is 9 characters long and get 2 character credits for digits, and then the password length would be 10.

Look at this example. I set the password length to 13, set dcredit to 2, and set everything else to 0.

$ pwscore
 Thisistwelve
 Password quality check failed:
  The password is shorter than 13 characters

$ pwscore
 Th1sistwelve
 18

My first check failed because the password was shorter than 13 characters. The next time I changed the letter "i" to the digit "1" and received two credits for the digit, which made the password equal to 13.
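The credit arithmetic and the policy file above, modelled as an added Python example (it is not code from the original article and not libpwquality itself). The names `violations`, `char_class`, `longest_run`, `ARTICLE_POLICY` and `PWSCORE_DEMO` are hypothetical, the character classes follow Python's `str` methods so treat it as a model for ASCII passwords, and difok, gecoscheck and the cracklib dictionary check are not modelled.

```python
from collections import Counter
from itertools import groupby

# Settings copied from the article's pwquality.conf (only the rules modelled here).
ARTICLE_POLICY = {"minlen": 15, "dcredit": -2, "ucredit": -2, "lcredit": -2,
                  "ocredit": -2, "minclass": 4, "maxrepeat": 2,
                  "maxclassrepeat": 4, "badwords": "password pass word putorius"}
# Settings from the article's pwscore demonstration.
PWSCORE_DEMO = {"minlen": 13, "dcredit": 2, "ucredit": 0, "lcredit": 0, "ocredit": 0}

def char_class(c):
    """Map a character to the credit setting that governs its class."""
    if c.isdigit():
        return "dcredit"
    if c.isupper():
        return "ucredit"
    if c.islower():
        return "lcredit"
    return "ocredit"

def longest_run(items):
    """Length of the longest run of equal consecutive items."""
    return max((len(list(g)) for _, g in groupby(items)), default=0)

def violations(password, policy):
    """Return the names of the settings the password violates (empty = accepted)."""
    failed = []
    counts = Counter(char_class(c) for c in password)
    required = policy["minlen"]
    for key in ("dcredit", "ucredit", "lcredit", "ocredit"):
        credit = policy[key]
        if credit >= 0:
            # Credits (capped at `credit`) shorten the required length.
            required -= min(counts[key], credit)
        elif counts[key] < -credit:
            # Negative value: a hard minimum for this class, no credit given.
            failed.append(key)
    if len(password) < required:
        failed.append("minlen")
    if len(counts) < policy.get("minclass", 0):
        failed.append("minclass")
    if 0 < policy.get("maxrepeat", 0) < longest_run(password):
        failed.append("maxrepeat")
    if 0 < policy.get("maxclassrepeat", 0) < longest_run(map(char_class, password)):
        failed.append("maxclassrepeat")
    lowered = password.lower()
    if any(w in lowered for w in policy.get("badwords", "").lower().split()):
        failed.append("badwords")
    return failed
```

Calling `violations("MyPassword2024!!", ARTICLE_POLICY)` on a constructed sample returns the names of every setting that rejects it, which is a quick way to see which line of the policy file a candidate password trips.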

Checking a Password

The libpwquality package provides the functionality described in this article. It also comes with a program, pwscore, which is designed to check password complexity. We used it above to check the credits.

The pwscore utility reads from stdin. Just run the utility and type your password; it will display either an error or a value from 0 to 100.

The password quality score is related to the minlen parameter in the configuration file. In general, a score below 50 is considered a "normal password", and a score above it is considered a "strong password". Any password that passes the quality checks (especially the forced cracklib check) should withstand dictionary attacks, and a password with a score above 50 with the default minlen setting should withstand even brute force attacks.

Conclusion

Configuring pwquality is easy and simple compared with the inconvenience of using cracklib and editing the pam files directly. In this guide, we have covered everything you need when configuring password policies on Red Hat 7, CentOS 7, and even Ubuntu systems. We also talked about the concept of credits, which is rarely written about in detail, so this topic often remains unclear to those who have not encountered it before.

Sources:

pwquality man page
pam_pwquality man page
pwscore man page

Useful links:

Choosing Secure Passwords - Bruce Schneier
Lorrie Faith Cranor talks about her password studies at CMU
The infamous xkcd comic on entropy

Source: www.hab.com
