[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_unix, cracklib, Makefiles



On Fri, Dec 17, 1999 at 08:31:03AM +0100, Thorsten Kukuk wrote:
> On Thu, Dec 16, Marcus Harnisch wrote:
> 
> 
> >  > The only thing I find very bad is, that pam_cracklib does not
> >  > read a config file. If I wish to change on option (for example
> >  > min length of a password), I need to grep through all config
> >  > files and make the necessary changes.
> > 
> > Hmm, this is IMHO a matter of personal taste. I could imagine that I
> > actually want a different configuration for different services which
> > couldn't be achieved easily by a global config file. Many other PAM
> > modules have to be configured without a config file, too.
> 
> Yes, but I don't think a user should be allowed to use a weak password,
> because he logs in with rlogin when his password needs to be changed,
> and the user calling "passwd" has to choose a very good one. The
> configuration for changing the password should be the same for everybody.
> 
> It's hard enough to find out which programs let the user change the
> password, in the moment I know of login, rlogin, OpenSSH and passwd.
>   

You could just remove the "password" types from all the pam.d files and
place just one in the "other" file.

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`     bcollins@debian.org  -  collinbm@djj.state.va.us  -  bmc@visi.net    '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []