ubuntu修改密码提示pam_chauthtok() failed

服务器操作系统:

ubuntu16.04

使用chpasswd修改密码时提示报错

echo  "root:xxxxx" |chpasswd 
################报错提示如下
chpasswd: (user admin) pam_chauthtok() failed, error
passwd: Module is unknown

原因分析

缺少pam的cracklib模块
pam_cracklib模块就是用来做密码复杂度检测的

解决方案:

安装cracklib

apt-cache search pam | grep crack
libpam-cracklib – PAM module to enable cracklib support
apt-get install libpam-cracklib

批量安装问题

单独在安装这个软件包时会弹出交互式界面,如果使用ansible shell模块批量安装时就会一直无显示等待情况

在这里插入图片描述

针对ansible批量安装libpam-cracklib软件包问题,推介解决方案

ansible -i tmphosts tmp -m "apt"  -a  "name=libpam-cracklib state=present"
10.xx.xx.xx | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "cache_update_time": 1712092322, 
    "cache_updated": false, 
    "changed": true, 
    "stderr": "", 
    "stderr_lines": [], 
    "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following NEW packages will be installed:\n  libpam-cracklib\n0 upgraded, 1 newly installed, 0 to remove and 83 not upgraded.\nNeed to get 13.0 kB of archives.\nAfter this operation, 96.3 kB of additional disk space will be used.\nGet:1 https://mirrors.myoas.com/artifactory/ubuntu xenial-updates/main amd64 libpam-cracklib amd64 1.1.8-3.2ubuntu2.3 [13.0 kB]\nFetched 13.0 kB in 0s (64.0 kB/s)\nSelecting previously unselected package libpam-cracklib:amd64.\r\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 95%\r(Reading database ... 100%\r(Reading database ... 231267 files and directories currently installed.)\r\nPreparing to unpack .../libpam-cracklib_1.1.8-3.2ubuntu2.3_amd64.deb ...\r\nUnpacking libpam-cracklib:amd64 (1.1.8-3.2ubuntu2.3) ...\r\nProcessing triggers for man-db (2.7.5-1) ...\r\nSetting up libpam-cracklib:amd64 (1.1.8-3.2ubuntu2.3) ...\r\n\r\npam-auth-update: Local modifications to /etc/pam.d/common-*, not updating.\r\npam-auth-update: Run pam-auth-update --force to override.\r\n\r\n", 
    "stdout_lines": [
        "Reading package lists...", 
        "Building dependency tree...", 
        "Reading state information...", 
        "The following NEW packages will be installed:", 
        "  libpam-cracklib", 
        "0 upgraded, 1 newly installed, 0 to remove and 83 not upgraded.", 
        "Need to get 13.0 kB of archives.", 
        "After this operation, 96.3 kB of additional disk space will be used.", 
        "Get:1 https://mirrors.myoas.com/artifactory/ubuntu xenial-updates/main amd64 libpam-cracklib amd64 1.1.8-3.2ubuntu2.3 [13.0 kB]", 
        "Fetched 13.0 kB in 0s (64.0 kB/s)", 
        "Selecting previously unselected package libpam-cracklib:amd64.", 
        "(Reading database ... ", 
        "(Reading database ... 5%", 
        "(Reading database ... 10%", 
        "(Reading database ... 15%", 
        "(Reading database ... 20%", 
        "(Reading database ... 25%", 
        "(Reading database ... 30%", 
        "(Reading database ... 35%", 
        "(Reading database ... 40%", 
        "(Reading database ... 45%", 
        "(Reading database ... 50%", 
        "(Reading database ... 55%", 
        "(Reading database ... 60%", 
        "(Reading database ... 65%", 
        "(Reading database ... 70%", 
        "(Reading database ... 75%", 
        "(Reading database ... 80%", 
        "(Reading database ... 85%", 
        "(Reading database ... 90%", 
        "(Reading database ... 95%", 
        "(Reading database ... 100%", 
        "(Reading database ... 231267 files and directories currently installed.)", 
        "Preparing to unpack .../libpam-cracklib_1.1.8-3.2ubuntu2.3_amd64.deb ...", 
        "Unpacking libpam-cracklib:amd64 (1.1.8-3.2ubuntu2.3) ...", 
        "Processing triggers for man-db (2.7.5-1) ...", 
        "Setting up libpam-cracklib:amd64 (1.1.8-3.2ubuntu2.3) ...", 
        "", 
        "pam-auth-update: Local modifications to /etc/pam.d/common-*, not updating.", 
        "pam-auth-update: Run pam-auth-update --force to override.", 
        ""
    ]
}

如果要用shell模块,可使用:

ansible -i tmphosts tmp -m "shell"  -a 'DEBIAN_FRONTEND=noninteractive apt-get install libpam-cracklib -y --allow-unauthenticated'
  • 13
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
好的,这是一个使用 pam_chauthtok(localAuthHandle, PAM_SILENT) 函数检查密码过期的示例: ```c #include <security/pam_appl.h> #include <security/pam_misc.h> int main(int argc, char *argv[]) { pam_handle_t *pamh=NULL; int retval; const char *user="nobody"; if(argc == 2) { user = argv[1]; } if(argc > 2) { fprintf(stderr, "Usage: check_user [username]\n"); exit(1); } retval = pam_start("check_user", user, &conv, &pamh); if (retval == PAM_SUCCESS) { retval = pam_chauthtok(pamh, PAM_SILENT); } if (retval == PAM_SUCCESS) { printf("Password change successful!\n"); } else { printf("Password change failed!\n"); } if (pam_end(pamh,retval) != PAM_SUCCESS) { pamh = NULL; fprintf(stderr, "check_user: failed to release authenticator\n"); exit(1); } return retval == PAM_SUCCESS ? 0:1; } ``` 在这个示例程序中,我们同样使用 pam_start() 函数来初始化 PAM 系统并启动认证流程。然后,我们调用 pam_chauthtok() 函数来检查密码是否过期,并在需要时强制用户更改密码。不同的是,我们使用 PAM_SILENT 选项来指定这个过程是静默的,不需要提示用户输入密码。 最后,我们同样使用 pam_end() 函数来结束 PAM 会话并释放资源。 需要注意的是,使用 PAM_SILENT 选项静默地检查密码过期可能会降低安全性。因为用户没有机会确认他们的密码是否过期,也没有机会输入一个强密码来替换过期的密码。因此,在生产系统中,我们需要谨慎使用 PAM_SILENT 选项,并确保用户密码的安全性。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值