Enabling fingerprint authentication for root login
1. Enroll the fingerprint
[root@kejc etc]# fprintd-enroll root
Using device /net/reactivated/Fprint/Device/0
Enrolling right index finger.
Enroll result: enroll-completed
2. Verify the fingerprint
[root@kejc etc]# fprintd-verify root
Using device /net/reactivated/Fprint/Device/0
Listing enrolled fingers:
- #0: right-index-finger
Verify result: verify-match (done)
3. Check whether fingerprint authentication is enabled for root; several users can be checked at once
[root@kejc ~]# fprintd-list root xxjs
found 1 devices
Device at /net/reactivated/Fprint/Device/0
Using device /net/reactivated/Fprint/Device/0
Fingerprints for user root on UPEK TouchStrip Sensor-Only (swipe): [successfully enabled for user root]
- #0: right-index-finger
User xxjs has no fingers enrolled for UPEK TouchStrip Sensor-Only. [not enabled for user xxjs]
4. The su - command
[yusy@kejc ~]$ su -
Swipe your finger on UPEK TouchStrip Sensor-Only
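After the fingerprint is swiped you get the # prompt; after three consecutive failed attempts you are prompted to type the user's password manually.
5. Important file: /etc/pam.d/system-auth. Do not modify it casually; a mistake here can leave users unable to log in.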
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
6. If a mistake leaves root unable to log in, edit the GRUB boot menu entry and add single to boot into single-user mode.
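As an added example (not part of the original page), the shell function below reads the auth lines of a system-auth style file and checks for the layout listed in step 5: pam_fprintd.so as sufficient, with pam_unix.so as the password fallback ahead of pam_deny.so. The names check_pam_auth_stack and demo_stack and the exit codes are assumptions of this example; any other control value for pam_fprintd.so is only flagged for manual review.

```shell
#!/bin/sh
# Added example, not from the original page.
# Exit status: 0 = fingerprint with password fallback,
#              1 = layout differs, lockout risk,
#              2 = pam_fprintd.so is not in the auth stack.
check_pam_auth_stack() {
    awk '
        $1 != "auth" { next }            # skips comments and other stacks
        {
            n++; mod = ""
            # first field ending in .so is the module (control may be bracketed)
            for (i = 2; i <= NF; i++) if ($i ~ /\.so$/) { mod = $i; break }
        }
        mod ~ /pam_fprintd\.so$/      { fp = n; fp_ctl = $2 }
        mod ~ /pam_unix\.so$/ && !pw  { pw = n }
        mod ~ /pam_deny\.so$/ && !deny { deny = n }
        END {
            if (!fp) { print "pam_fprintd.so not in auth stack"; exit 2 }
            if (fp_ctl != "sufficient") {
                print "pam_fprintd.so control is " fp_ctl ", not sufficient: review by hand"
                exit 1
            }
            if (!pw) { print "no pam_unix.so password fallback"; exit 1 }
            if (deny && pw > deny) {
                print "pam_unix.so comes after pam_deny.so and can no longer succeed"
                exit 1
            }
            print "ok: fingerprint first, password fallback present"
        }
    ' "${1:--}"
}

# Demo input: the five auth lines copied from the listing in step 5.
demo_stack() {
    printf '%s\n' \
        'auth required pam_env.so' \
        'auth sufficient pam_fprintd.so' \
        'auth sufficient pam_unix.so nullok try_first_pass' \
        'auth requisite pam_succeed_if.so uid >= 500 quiet' \
        'auth required pam_deny.so'
}

demo_stack | check_pam_auth_stack -
```

Run it against a copy of the edited file before replacing /etc/pam.d/system-auth, and keep an existing root shell open until a fresh login has been tested.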