Context: Generic GNU/Linux certification command examples.
Manage user password policies and authentication mechanisms.
To manage user password policies and authentication mechanisms in a GNU/Linux system, you can use various commands and configuration files. Here are some examples:
- Set password aging policies: The password aging policies can be set using the
passwdcommand with the
-x(maximum number of days) and
-n(minimum number of days) options:
passwd -x <max_days> -n <min_days> <username>
<max_days> with the maximum number of days a password is valid,
<min_days> with the minimum number of days before a password can be changed, and
<username> with the username of the user you want to set the policy for.
Configure password complexity requirements: The password complexity requirements are typically defined in the
/etc/pam.d/common-passwordfile. Edit the file using a text editor and modify the relevant lines to set the desired complexity requirements. For example, you can set the minimum length, requirement for uppercase and lowercase letters, numbers, and special characters.
Enable or disable password authentication mechanisms: The authentication mechanisms are defined in the
/etc/ssh/sshd_configfile for SSH. To enable or disable password authentication, locate the
PasswordAuthenticationdirective and set it to either
After making changes, restart the SSH service for the changes to take effect.
Use stronger authentication mechanisms: To use stronger authentication mechanisms like key-based authentication, you can generate an SSH key pair using the
ssh-keygencommand and configure it for the desired user. This typically involves copying the public key to the user's
Implement multi-factor authentication (MFA): To implement MFA, you can use tools like Google Authenticator or Authy. These tools generate one-time passwords (OTP) that need to be provided along with the regular password during login. The configuration for MFA may vary depending on the specific tool being used.
Remember to consult your system's documentation or relevant manuals for detailed instructions and to adapt these examples based on your specific GNU/Linux distribution and configuration.