pam_passwdqc ldap problems
Solar Designer
solar at openwall.com
Tue Aug 24 22:19:20 UTC 2004
Chris,
On Tue, Aug 24, 2004 at 02:03:27PM -0400, Adams, Chris M, CTR,, DMDCWEST wrote:
> # Password management
> #
> other password requisite pam_passwdqc.so min=disabled,disabled,disabled,disabled,8 max=8 passphrase=0 match=0 similar=deny random=0 enforce=everyone retry=1 ask_oldauthtok=update check_oldauthtok
> other password required pam_dhkeys.so.1
You should have stacked pam_passwdqc after pam_dhkeys, not before.
And there should be no need for "ask_oldauthtok=update
check_oldauthtok" on your recent/patched Solaris 8 (it's almost
Solaris 9 in fact).
Also, I'm not sure what you're trying to achieve with "match=0
similar=deny"? (This is not related to the problem at hand, but
simply looks weird to me.)
The settings which should work for your system are as follows:
passwd auth required pam_passwd_auth.so.1
[...]
other password required pam_dhkeys.so.1
other password requisite pam_passwdqc.so max=8 retry=1
other password required pam_authtok_store.so.1
--
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments
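
Added example, not part of the original message and not code from pam_passwdqc: a small lint for the password stack of a Solaris-style pam.conf that flags the ordering and options discussed in the reply above. The function names and both sample configurations are constructed for illustration; the "stacked after pam_authtok_store" check is an assumption derived from the ordering in the suggested settings.

```python
# Added example: lint the "password" stack of a Solaris-style pam.conf.
# Both samples are constructed; SAMPLE_BAD mirrors the ordering quoted above.
SAMPLE_BAD = """\
other password requisite pam_passwdqc.so max=8 retry=1 ask_oldauthtok=update check_oldauthtok
other password required pam_dhkeys.so.1
other password required pam_authtok_store.so.1
"""
SAMPLE_GOOD = """\
other password required pam_dhkeys.so.1
other password requisite pam_passwdqc.so max=8 retry=1
other password required pam_authtok_store.so.1
"""

def password_stacks(text):
    """Map service -> ordered [(module, options)] for 'password' entries."""
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # pam.conf fields: service, module type, control flag, module path, options
        if len(fields) < 4 or fields[1] != "password":
            continue
        service, path, opts = fields[0], fields[3], fields[4:]
        module = path.rsplit("/", 1)[-1].split(".so")[0]  # pam_dhkeys.so.1 -> pam_dhkeys
        stacks.setdefault(service, []).append((module, opts))
    return stacks

def lint(text):
    """Return (service, message) findings for each password stack using pam_passwdqc."""
    findings = []
    for service, stack in password_stacks(text).items():
        names = [module for module, _ in stack]
        if "pam_passwdqc" not in names:
            continue
        qc = names.index("pam_passwdqc")
        if "pam_dhkeys" in names and qc < names.index("pam_dhkeys"):
            findings.append((service, "pam_passwdqc is stacked before pam_dhkeys"))
        # Assumption: a quality check placed after the store step cannot reject anything.
        if "pam_authtok_store" in names and qc > names.index("pam_authtok_store"):
            findings.append((service, "pam_passwdqc is stacked after pam_authtok_store"))
        for opt in stack[qc][1]:
            if opt.split("=", 1)[0] in ("ask_oldauthtok", "check_oldauthtok"):
                findings.append((service, "old-authtok option present: " + opt))
    return findings

if __name__ == "__main__":
    for label, sample in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, lint(sample) or "no findings")
```

The old-authtok finding is informational only: the reply says those options should not be needed on a recent/patched Solaris 8, so whether they matter depends on the system.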