论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2010-08-05 08:45 |只看该作者 |倒序浏览

我在/etc/pam.d/system-auth上增加了密码安全策略,这些策略可对普通用户生效,但对root用户没用,要如何做才能也对root用户生效呢?

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth       required    pam_env.so
auth       required    pam_tally.so deny=5 onerr=fail
auth       sufficient pam_unix.so nullok try_first_pass
auth       requisite    pam_succeed_if.so uid >= 500 quiet
auth       required    pam_deny.so

account    required    pam_unix.so
#account    required    pam_tally.so deny=5
account    sufficient pam_succeed_if.so uid < 500 quiet
account    required    pam_permit.so

password requisite    pam_cracklib.so try_first_pass retry=3 minlen=6 difok=3 dcredit=-1 lcredit=-1 ocredit=-1
password sufficient pam_unix.so remember=3 md5 shadow nullok try_first_pass use_authtok
password required    pam_deny.so

session    optional    pam_keyinit.so revoke
session    required    pam_limits.so
session    [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session    required    pam_unix.so
~
~
~
~
~
~