[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_cracklib: suggested changes



On Mon, 4 Sep 2000, Solar Designer wrote:

> > In trying to get the pam_cracklib module running on Solaris,
> 
> Maybe you would try my pam_passwdqc as well?  I don't think it will
> work on Solaris "out of the box", but I think that the required
> changes should be minimal.  pam_passwdqc is meant to replace both
> CrackLib and pam_cracklib.

Nice idea.  But, as with us all, my time is limited, and therefore any
effort over and above what my employer wants (e.g. "pam_cracklib working
on our local system") needs to be well and efficiently directed.  (And I'm
fortunate in having an employer agreeable to at least a small amount of
such work ... hence being able to partake in this discussion!) 

So at this stage, I suspect it would be better to try to lay out, and
agree, a roadmap for future development of "Linux-PAM" (or "Open-PAM"?). 
Then those of us with the enthusiasm for it can contribute our own work
into it. 

An important technical role, I think, would be for someone to maintain
(and accept or vet proxy changes for) a CVS tree on an active basis. 

To take your specific example (my trying your pam_passwdqc which "[you]
don't think it will work on Solaris" anyway): wouldn't it be better:
1. to agree on usage conventions and possible coding commonality across
   modules;
2. an individual to implement that on modules in which he/she has a direct
   interest (e.g. "pam_cracklib" for me, "pam_passwdqc" for you);
3. THEN to try to cross-test each others modules.

It might be marginally slower in getting off the ground, but from the "big
picture" perspective wouldn't it be better?

> (One thing that should definitely be added to meet your requirements
> is use_authtok/*_first_pass, which is still on TODO.)

(The only "TODO" file I found was in "modules/pam_pwdb/TODO", which didn't
seem to mention that.  But in my work on "pam_cracklib", I assumed that
"use_authtok" was equivalent to "use_first_pass".)

Hope that helps.

-- 

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/~dcl0tdl            South Road            :
:                                           Durham                :
:  Phone: +44 191 374 2882                  U.K.                  :





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []