[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: passwd

Morgan's statement may be a bit misleading.

The actual passwd+ code for strength testing the passwords is complete   
and functional. I am not aware, or perhaps have forgotten if I was   
informed, of any problems with the code. If I missed something, then I'll   
fix it.

The password changing logic is part of the UNIX authentication code and   
from what I last heard had some problems. Alex has probably solved them   
by now.

I have no object to doing a 'npasswd' code module. I just don't feel that   
there is a real benefit to having something which simply says that the   
password must be 6 characters long and not contain a ^ character. I like   
the concept of the rules which are in the passwd+ code over a simple set   
of parameters that are used in npasswd.

The same can be said of using the passwd code from the shadow package   
which has the same logic as npasswd, to perhaps an arguably lesser   
degree. However, it does centralize the configuration logic into the   
/etc/login.defs file which is good.

However, to each his own. That is one of the benefits to PAM. I can use   
my passwd+ code. You can use npasswd. The results will be the same for   
both of us.

If you do wish to do a npasswd module, then you may wish to look at the   
existing passwd+ code for a model.

I do have one request however, and that is that people who distribute the   
package (as, for example, RedHat when they build their distribution to   
use PAM) also include the passwd+ module code with it. You don't need to   
hook it into the /etc/pam.conf file, but at least include it with the   
rest of the modules. Please just don't 'pick and choose' what you will   
package with a distribution. That is not fair.

From:  morgan[SMTP:morgan@physics.ucla.edu]
Sent:  Friday, June 21, 1996 12:06 PM
To:  pam-list
Subject:  Re: passwd

There is already something started along these lines: the pam_passwd+

It needs some applications/the unix_module to be finished before it
can be properly finished..

Perhaps it is close enough?

Michael K. Johnson wrote:
> Red Hat Linux uses npasswd, which has lots of nice checking built into
> it.  However, its structure really isn't built around pam...  I am
> thinking of writing a pam-passwd package with the password checking
> libs from npasswd and the password-changing logic from the passwd.c
> distributed with Linux-PAM  

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []