strange pam_cracklib behavior on password changes...
Marc - A. Dahlhaus [ Administration | Westermann GmbH ]
mad at wol.de
Fri Jun 26 13:41:53 UTC 2009
Hello,
the actual pam/shadow combination does strange things,
i don't know if it is a new problem or what package
introdused this behavior...
The problem is that on password change, the password
isn't asked for again if cracklib has any problem with
the prior entered one...
pam version: 1.1.0
shadow version: 4.1.4.1
cracklib version: 2.8.13
/etc/pam.d/passwd :
password required pam_cracklib.so authtok_type=system difok=2 minlen=8
dcredit=2 ocredit=2 retry=3
password required pam_unix.so md5 shadow use_authtok nullok
# passwd
Changing password for user.
(current) UNIX password:
New system password:
Retype new system password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: it is WAY too short
BAD PASSWORD: it is WAY too short
passwd: Have exhausted maximum number of retries for service
passwd: password unchanged
hope someone could shed some light into this changed behaviour...
Marc
More information about the Pam-list
mailing list