Q: Stacking in Solaris
velociraptor
velociraptor at gmail.com
Tue May 17 17:04:15 UTC 2005
I was wondering if anyone might be able to help
me with a problem I am having.
I compiled the pam_cracklib/cracklib for Solaris
packages off of SourceForge, and got them working
on both Solaris 8 & 9.
My pam.conf looks like so for the passwd command:
passwd auth required /usr/lib/security/pam_passwd_auth.so.1
other password requisite /usr/lib/security/pam_authtok_get.so.1 debug
other password requisite /usr/lib/security/pam_cracklib.so use_authtok debug
other password required /usr/lib/security/pam_authtok_store.so.1 try_first_pass debug
I have also tried swapping pam_authtok_store.so.1 with
the below library provided recently by Sun (an updated
pam_unix allowing passwords of greater than 8 characters).
other password required /usr/lib/security/pam_unix.so.1 try_first_pass
The problem I see with cracklib: if a password passes the
cracklib check (e.g. non-dictionary, non-gecos, etc.), it
will be accepted by the OS even if it does not conform to
the Solaris requirement that it have at least one non-alpha
character. E.g. sckurmep is accepted, when without
cracklib in the PAM stack, it is rejected.
(If I do not include "try_first_pass" or "use_first_pass" as an
option to pam_authtok_store or pam_unix, the user is
prompted twice for their old password and the new password.)
Any suggestions appreciated.
=Nadine=