vim /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_deny.so

account required pam_unix.so

password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password required pam_deny.so

#password requisite pam_cracklib.so minlen=8 lcredit=-2 ucredit=-2 dcredit=-1 ocredit=-1 enforce_root debug
#password sufficient pam_unix.so remember=5 use_authtok debug
#password required pam_deny.so debug
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
问题因配置了以下这些行导致:
#password requisite pam_cracklib.so minlen=8 lcredit=-2 ucredit=-2 dcredit=-1 ocredit=-1 enforce_root debug
#password sufficient pam_unix.so remember=5 use_authtok debug
#password required pam_deny.so debug
将其注释即可。还原为以下配置:
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password required pam_deny.so

重置即可。
vim /etc/pam.d/login

#%PAM-1.0
#auth required pam_tally2.so onerr=fail deny=5 unlock_time=1800 even_deny_root
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth substack system-auth
auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
session include postlogin
-session optional pam_ck_connector.so
配置文件:
vim /etc/pam.d/sshd
#%PAM-1.0
#auth required pam_tally2.so onerr=fail deny=5 unlock_time=1800 even_deny_root
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
# Used with polkit to reauthorize users in remote sessions
-auth optional pam_reauthorize.so prepare
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
# Used with polkit to reauthorize users in remote sessions
-session optional pam_reauthorize.so prepare
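即可恢复远程登录。注意:按上述方式恢复后,pam_tally2 的登录失败锁定(deny=5)以及 pam_cracklib 的自定义复杂度规则和 remember=5 密码历史均处于注释(未启用)状态,且 system-auth 中 pam_unix.so 的 nullok 允许空密码账户通过认证;如仍需这些策略,应在保留一个已登录的 root 会话的前提下重新配置并逐项测试,避免再次被锁在系统之外。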