1、图形化修改配置参数

图形化设置的路径：设置->安全中心->账户安全->账户密码安全。选择相应级别，可以双击“自定义”，根据用户需求修改密码复杂度。

密码等级包括：

• • 高级：至少8位，包含大写字母、小写字母、数字、特殊字符中的3种
  • 中级：至少6位，包含大写字母、小写字母、数字、特殊字符中的2种
  • 低级：无密码长度和字符类别限制
  • 自定义：根据需要设置密码强度

自定义选项包括：

• 密码字符设置：

1. 密码最小长度、
2. 密码中至少包含字符种类、
3. 大写字母最小数量、
4. 数字字符最小数量、
5. 小写字母最小数量、
6. 特殊字符最小数量

• 密码高级设置：

1. 密码中禁止包含用户名
2. 启用回文检查
3. 启用相似性检查
4. 启用密码字典
5. 密码有效时间（30天、90天、180天、永久）默认永久

• 密码连续字符控制

1. 同一字符连续出现最大次数
2. 同类型字符序列连续出现最大次数
3. 同类型字符连续出现最大次数

2、配置文件修改配置参数

配置文件修改：vim /etc/security/pwquality.conf

# Configuration for systemwide password quality limits

# Defaults:

#

# Number of characters in the new password that must not be present in the old password.

# 新密码中不能存在于旧密码中的字符数。

# difok = 0

#

# Minimum acceptable size for the new password (plus one if credits are not disabled which is the default). (See pam_cracklib manual.)

# Cannot be set to lower value than 6.

# 密码最小长度

# minlen = 6

#

# The maximum credit for having digits in the new password. If less than 0 it is the minimum number of digits in the new password.

# 数字字符最小数量

# dcredit = 0

#

# The maximum credit for having uppercase characters in the new password.

# If less than 0 it is the minimum number of uppercase characters in the new  password.

# 大写字母最小数量

# ucredit = 0

#

# The maximum credit for having lowercase characters in the new password.

# If less than 0 it is the minimum number of lowercase characters in the new  password.

# 小写字母最小数量

# lcredit = 0

#

# The maximum credit for having other characters in the new password.

# If less than 0 it is the minimum number of other characters in the new  password.

# 特殊字符最小数量

# ocredit = 0

#

# The minimum number of required classes of characters for the new password (digits, uppercase, lowercase, others).

# 新密码所需字符的最小类别（数字、大写、小写或其他特殊字符）。

# minclass = 2

#

# The maximum number of allowed consecutive same characters in the new password.

# The check is disabled if the value is 0.

#新密码中允许的连续相同字符的最大数目。

#如果值为0，则禁用该检查。

# maxrepeat = 0

#

# The maximum number of allowed consecutive characters of the same class in the new password.

# The check is disabled if the value is 0.

#新密码中同一类别允许的最大连续字符数。

#如果值为0，则禁用该检查。

# maxclassrepeat = 0

#

# Whether to check for the words from the passwd entry GECOS string of the user.

# The check is enabled if the value is not 0.

# gecoscheck = 0

#

# Whether to check for the words from the cracklib dictionary.

# The check is enabled if the value is not 0.

# dictcheck = 0

#

# Whether to check if it contains the user name in some form.

# The check is enabled if the value is not 0.

#是否检查它是否以某种形式包含用户名。

#如果值不是0，则启用检查。

# usercheck = 0

#

# Whether the check is enforced by the PAM module and possibly other applications.

# The new password is rejected if it fails the check and the value is not 0.

# enforcing = 1

#

# Path to the cracklib dictionaries. Default is to use the cracklib default.

# dictpath =

#

# Prompt user at most N times before returning with error. The default is 1.

# retry = 1

#

# Enforces pwquality checks on the root user password.

# Enabled if the option is present.

# enforce_for_root

#

# Skip testing the password quality for users that are not present in the  /etc/passwd file.

# Enabled if the option is present.

# local_users_only

#

# Whether to check the new password is a palindrome or not  Enabled if the option is present  palindrome

#

# Whether to check the new password is simliar with old one

# Check include only case changes and rotated

# Disabled if the option is present

# no_similar_check

3、使用pam认证

root@kylin-PC:~#  apt install -y libpam-cracklib

其余配置可参考服务器版本的配置。

需要注意的是:在desktop版本上的pam语法与在server版本上不一样，而且password使用的模块也不一样。

root@kylin-PC:/home/kylin# grep passw /etc/pam.d/sshd 
# Standard Un*x password updating.
@include common-password
root@kylin-PC:/home/kylin# grep passw /etc/pam.d/login 
@include common-password
root@kylin-PC:/home/kylin# grep passw /etc/pam.d/lightdm 
auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin
@include common-password
 

root@kylin-PC:~# vim /etc/pam.d/common-password
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.
The default is pam_unix.
# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords.
Without this option,
# the default is Unix crypt.
Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.
See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
password
requisite
pam_pwquality.so retry=3
password
[success=1 default=ignore]
pam_unix.so use_authtok try_first_pass sha512
# here's the fallback if no module succeeds
password
requisite
pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password
required
pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

可以在pam_pwquality.so模块中添加复杂度的相关配置参数。

最后

以上就是淡定纸鹤为你收集整理的麒麟KylinOS Desktop三种方式修改密码复杂度1、图形化修改配置参数2、配置文件修改配置参数3、使用pam认证的全部内容，希望文章能够帮你解决麒麟KylinOS Desktop三种方式修改密码复杂度1、图形化修改配置参数2、配置文件修改配置参数3、使用pam认证所遇到的程序开发问题。

如果觉得靠谱客网站的内容还不错，欢迎将靠谱客网站推荐给程序员好友。