以下是通過(guò)man pam_cracklib查看獲得的解釋
一　PAM_CRACKLIB模塊可以做的密碼策略：
1.回文限制
2.字符數(shù)量限制
3.字符類(lèi)型限制
4.重復(fù)字符限制
5.新密碼和老密碼重復(fù)字符數(shù)量限制
6.新密碼和老密碼的相似度記憶
7.記憶最近幾次的密碼不能和老密碼重復(fù)

authtok_type=XXX
          The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ".
        The example word UNIX can be replaced with this option, by default it is empty.
        當(dāng)輸入新密碼時(shí)的默認(rèn)提示

difok=N
          This argument will change the default of 5 for the number of character changes in the new password that differentiate it from the old password.
        這個(gè)參數(shù)將改變新密碼不同于老密碼5個(gè)字符的默認(rèn)設(shè)置
maxrepeat=N
          Reject passwords which contain more than N same consecutive characters. The default is 0 which means that this check is disabled.
        拒絕包含超過(guò)N個(gè)連續(xù)相同的字符．默認(rèn)是0，意思是不用檢查

maxsequence=N
          Reject passwords which contain monotonic character sequences longer than N. The default is 0 which means that this check is disabled. Examples of such sequence are 12345
        or fedcb. Note that most such passwords will not pass the
          simplicity check unless the sequence is only a minor part of the password.
        拒絕密碼包含大于N的單純字符序列．默認(rèn)不檢查，注意大多數(shù)密碼不會(huì)通過(guò)簡(jiǎn)單性檢查除非這個(gè)序列是密碼的次要部分
dictpath=/path/to/dict
          Path to the cracklib dictionaries.

二　報(bào)錯(cuò)實(shí)例
如果是和以前用過(guò)的相同就會(huì)報(bào)錯(cuò)：
Password has been already used. Choose another.
如果新密碼和老密碼一樣就會(huì)提示：
Password unchanged
如果新密碼和老密碼相似度太高會(huì)提示：
is too similar to the old one
如果設(shè)置的復(fù)雜度不夠會(huì)提示：
BAD PASSWORD: it is too short
如果是比如密碼設(shè)置有連續(xù)的多個(gè)字符就會(huì)提示：
BAD PASSWORD: it is too simplistic/systematic
如果設(shè)密碼超過(guò)重復(fù)字符限制：

10多年的鹿泉網(wǎng)站建設(shè)經(jīng)驗(yàn)，針對(duì)設(shè)計(jì)、前端、開(kāi)發(fā)、售后、文案、推廣等六對(duì)一服務(wù)，響應(yīng)快，48小時(shí)及時(shí)工作處理。營(yíng)銷(xiāo)型網(wǎng)站的優(yōu)勢(shì)是能夠根據(jù)用戶設(shè)備顯示端的尺寸不同，自動(dòng)調(diào)整鹿泉建站的顯示方式，使網(wǎng)站能夠適用不同顯示終端，在瀏覽器中調(diào)整網(wǎng)站的寬度，無(wú)論在任何一種瀏覽器上瀏覽網(wǎng)站，都能展現(xiàn)優(yōu)雅布局與設(shè)計(jì)，從而大程度地提升瀏覽體驗(yàn)。成都創(chuàng)新互聯(lián)公司從事“鹿泉網(wǎng)站設(shè)計(jì)”,“鹿泉網(wǎng)站推廣”以來(lái)，每個(gè)客戶項(xiàng)目都認(rèn)真落實(shí)執(zhí)行。

BAD PASSWORD: contains too many same characters consecutively

三　配置實(shí)例

password   requisite    /lib64/security/pam_cracklib.so try_first_pass retry=3 difok=3
authtok_type=you_must_enter_at_least_3_charactors type= minlen=8 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 dictpath=/usr/share/cracklib/pw_dict
password   sufficient   /lib64/security/pam_unix.so try_first_pass use_authtok nullok sha512 shadow remember=3

控制標(biāo)識(shí)符解釋?zhuān)?br />optionalThe module is required for authentication if it is the only module listed
for a service.
required The module must succeed for access to be granted. PAM continues
to execute the remaining modules in the stack whether the module
succeeds or fails. PAM does not immediately inform the user of the
failure.
requisite The module must succeed for access to be granted. If the module
succeeds, PAM continues to execute the remaining modules in the
stack. However, if the module fails, PAM notifies the user immediately
and does not continue to execute the remaining modules in the stack.
sufficient If the module succeeds, PAM does not process any remaining modules
of the same operation type. If the module fails, PAM processes the
remaining modules of the same operation type to determine overall
success or failure.

四　密碼過(guò)期

/etc/login.defs 文件，可以設(shè)置當(dāng)前密碼的有效期限，如果想單獨(dú)為每個(gè)用戶設(shè)置不同期限使用chage命令．

五　一般的密碼策略

Password must meetthe following complexity requirements:
- Enforce password history: 5 passwords remembered
- Maximum password age: 90 days
- Not contain the user's account nameor parts of the user's full name thatexceed two consecutive characters
- Be at least 7 characters in length

- Contain characters from three of the following four categories:
1. English uppercase characters (A through Z)
2. English lowercase characters (a through z)
3. Base 10 digits (0 through 9)
4. Non-alphabetic characters (for example, !, $, #, %)
Complexity requirements are enforced when passwords are changed or created

另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)scvps.cn，海內(nèi)外云服務(wù)器15元起步，三天無(wú)理由+7*72小時(shí)售后在線，公司持有idc許可證，提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國(guó)服務(wù)器、虛擬主機(jī)、免備案服務(wù)器”等云主機(jī)租用服務(wù)以及企業(yè)上云的綜合解決方案，具有“安全穩(wěn)定、簡(jiǎn)單易用、服務(wù)可用性高、性價(jià)比高”等特點(diǎn)與優(yōu)勢(shì)，專(zhuān)為企業(yè)上云打造定制，能夠滿足用戶豐富、多元化的應(yīng)用場(chǎng)景需求。

當(dāng)前標(biāo)題：密碼設(shè)置復(fù)雜度和期限-創(chuàng)新互聯(lián)
鏈接分享：http://weahome.cn/article/dspceo.html