在银河麒麟server V10 SP3上,修改密码时候,报错:
passwd: Authentication token manipulation error
[root@kylin2 pam.d]# passwd grid
Changing password for user grid.
New password:
BAD PASSWORD: The password is shorter than 8 characters
passwd: Authentication token manipulation error
[root@kylin2 pam.d]# echo grid |passwd --stdin grid
Changing password for user grid.
passwd: Authentication token manipulation error
[root@kylin2 pam.d]#
从第1条测试的报错说明PAM模块校验着密码复杂度策略,查看对应的/etc/pam.d/system-auth文件,在pam_pwquality.so行中检查无发现复杂度的设定,查看默认的值的配置文件/etc/security/pwquality.conf,检查发现最小长度minlen=8,因此才会报错上面的信息。那么在银河麒麟上尝试取消掉密码复杂度的检验,将pam_pwquality.so换成老的模块,即就是
password requisite pam_cracklib.so difok=0 minle=3 ucredit=0 lcredit=0 dcredit=0
[root@kylin2 pam.d]# cat /etc/pam.d/system-auth
#%PAM-1.0
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth requisite pam_faillock.so preauth audit deny=3 even_deny_root unlock_time=60
-auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
-auth sufficient pam_sss.so use_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=60
auth sufficient pam_faillock.so authsucc audit deny=3 even_deny_root unlock_time=60
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account required pam_faillock.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
-account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-password sufficient pam_sss.so use_authtok use_first_pass
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
-session optional pam_sss.so
[root@kylin2 pam.d]#
当换成后,再次修改密码,成功
[root@kylin2 pam.d]# cat /etc/pam.d/system-auth
#%PAM-1.0
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth requisite pam_faillock.so preauth audit deny=3 even_deny_root unlock_time=60
-auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
-auth sufficient pam_sss.so use_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=60
auth sufficient pam_faillock.so authsucc audit deny=3 even_deny_root unlock_time=60
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account required pam_faillock.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
-account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_cracklib.so difok=0 minle=3 ucredit=0 lcredit=0 dcredit=0
#password requisite pam_pwquality.so try_first_pass local_users_only
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-password sufficient pam_sss.so use_authtok use_first_pass
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
-session optional pam_sss.so
[root@kylin2 pam.d]#
[root@kylin2 pam.d]# echo grid |passwd --stdin grid
Changing password for user grid.
passwd: all authentication tokens updated successfully.
[root@kylin2 pam.d]#
扫一扫
4612
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
