vim /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_deny.so

account required pam_unix.so

password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password required pam_deny.so
#password requisite pam_cracklib.so minlen=8 lcredit=-2 ucredit=-2 dcredit=-1 ocredit=-1 enforce_root debug
#password sufficient pam_unix.so remember=5 use_authtok debug
#password required pam_deny.so debug
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so

These settings caused the problem:
#password requisite pam_cracklib.so minlen=8 lcredit=-2 ucredit=-2 dcredit=-1 ocredit=-1 enforce_root debug
#password sufficient pam_unix.so remember=5 use_authtok debug
#password required pam_deny.so debug
Commenting them out is enough. Restore the configuration:
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password required pam_deny.so

Then reset.

vim /etc/pam.d/login

#%PAM-1.0
#auth required pam_tally2.so onerr=fail deny=5 unlock_time=1800 even_deny_root
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth substack system-auth
auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
session include postlogin
-session optional pam_ck_connector.so

Configuration file:
vim /etc/pam.d/sshd
#%PAM-1.0
#auth required pam_tally2.so onerr=fail deny=5 unlock_time=1800 even_deny_root
auth required pam_sepermit.so
auth substack password-auth
auth include postlogin
# Used with polkit to reauthorize users in remote sessions
-auth optional pam_reauthorize.so prepare
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
# Used with polkit to reauthorize users in remote sessions
-session optional pam_reauthorize.so prepare
This restores remote login.
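
Added example, not part of the original post: the post does not say why those lines broke login, but one check worth running before saving edits like these is whether every module a stack names exists on disk, because a required module that PAM cannot load fails the stack. The function names, the default module directory /lib64/security and the sample stack and module directory are assumptions constructed for illustration.

```shell
# List modules referenced by a pam.d file that are absent from the module dir.
# Usage: pam_missing_modules FILE [MODDIR]   (MODDIR default is an assumption)
pam_missing_modules() {
    file=$1
    moddir=${2:-/lib64/security}
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            type = $1
            if (type !~ /^-?(auth|account|password|session)$/) next
            if ($2 == "include" || $2 == "substack") next   # names a file, not a module
            i = 2
            if ($i ~ /^\[/)                    # bracketed control, e.g. [success=1 default=ignore]
                while (i <= NF && $i !~ /\]$/) i++
            i++                                # module path follows the control field
            if (i <= NF) print type, $i
        }
    ' "$file" | while read -r type mod; do
        case $mod in
            /*) path=$mod ;;                   # absolute module path
            *)  path=$moddir/$mod ;;
        esac
        if [ ! -e "$path" ]; then
            case $type in
                -*) echo "optional-missing $mod" ;;  # "-" prefix: documented as tolerated when absent
                *)  echo "MISSING $mod" ;;
            esac
        fi
    done
}

# Constructed demo: a temporary module dir holding only two modules, and a
# sample stack built from lines of the kind shown in the post.
pam_lint_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/mods"
    : > "$tmp/mods/pam_unix.so"; : > "$tmp/mods/pam_succeed_if.so"
    cat > "$tmp/stack" <<'EOF'
#auth required pam_tally2.so onerr=fail deny=5 unlock_time=1800 even_deny_root
auth substack system-auth
password requisite pam_cracklib.so minlen=8 enforce_root debug
password sufficient pam_unix.so remember=5 use_authtok debug
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
EOF
    pam_missing_modules "$tmp/stack" "$tmp/mods"
    rm -rf "$tmp"
}
pam_lint_demo
```

Run it against the real files while a root session is still open, so a bad stack can be reverted before the next login attempt.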