[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

UNSUBSCRIBE



----- Original Message -----
From: "Jeremias Blendin" <jblendin@web.de>
To: <pam-list@redhat.com>
Sent: Thursday, February 21, 2002 1:22 AM
Subject: UNSUBSCRIBE


> pam-list@redhat.com schrieb am 20.02.02:
> > Hi,
> >
> > > Pam_unix2
> > >
> > > This module from Thorsten Kukuk improves the NIS support for changing
> > > passwords compared to the standard pam_unix module although has a
smaller
> > > number of options than the former.  Pam_unix2 doesn't need a specific
> > > option to change the nis passwords, it's "clever" enough to find out
> > > whether the account it's dealing with is local or NIS.  In this case
the
> > > configuration of the file /etc/pam.d/passwd is simpler:
> > >
> > > password   required pam_cracklib.so retry=3 retry=3 minlen=9 difok=3
> >
> > Why not use pam_pwcheck?
> >
> > > password   required pam_unix2 md5 use_authok
> > >
> > > In the first entry pam_cracklib checks the quality of the new password
and
> > > in the second the correct password is changed be it local or NIS.
With
> > > pam_unix2 when the root user in a NIS client wants to change the NIS
> > > password of a normal user, he is not asked for the root password of
the NIS
> > > server but for the old password of the user, the philosophy here is
that
> > > it's enough to know the user password to be able to change it.
> > >
> > >
> > > PROBLEMS WITH PAM_UNIX2
> > >
> > > This module is promising but unfortunately is not ready enough for
general
> > > use in the situation showed here, the problems found were:
> > >
> > > -The debug option described in the documentation doesn't work and
causes an
> > >  error through syslog:
> > >
> > >  petrel PAM-unix2[2880]: password: Unknown option: debug
> >
> > Fixed on current SuSE Linux distributions.
> >
> > > -When a password is changed successfully there is no record through
syslog.
> >
> > Why should there a syuslog entry on the client? It is much simpler to
> > have this all on the server.
> >
> > >
> > > -The option use_authok described in the documentation and essential
for
> > >  this situation is not supported giving the following error through
syslog:
> > >
> > >  petrel PAM-unix2[3501]: password: Unknown option: use_authok
> >
> > Typo of the README, the source and all other modules should show you
that
> > the correct argument is "use_authtok"
> >
> > > -The module doesn't work at all when it is stacked with pam_cracklib,
and
> > >  again this is essential for the described situation.
> >
> > It should work, but I prefer pam_pwcheck instead of pam_cracklib.
> >
> >   Thorsten
> >
> > --
> > Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
> > SuSE Linux AG        Deutschherrenstr. 15-19       D-90429 Nuernberg
> > --------------------------------------------------------------------
> > Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B
> >
> >
> >
> > _______________________________________________
> > Pam-list mailing list
> > Pam-list@redhat.com
> > https://listman.redhat.com/mailman/listinfo/pam-list
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Jeremias Blendin   *   jeremias@blendin.de   *   0173 / 6516928
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
____________________________________________________________________________
__
> Geben Sie Ihren Lottotipp gerne auf den letzten Drücker ab?Beim WEB.DE
> Lottoservice gibt's keine Warteschlangen. http://tippen2.web.de/?x=9
>
>
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []