[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

UNSUBSCRIBE



pam-list@redhat.com schrieb am 20.02.02:
> Hi,
> 
> > Pam_unix2
> > 
> > This module from Thorsten Kukuk improves the NIS support for changing
> > passwords compared to the standard pam_unix module although has a smaller
> > number of options than the former.  Pam_unix2 doesn't need a specific
> > option to change the nis passwords, it's "clever" enough to find out
> > whether the account it's dealing with is local or NIS.  In this case the
> > configuration of the file /etc/pam.d/passwd is simpler:
> > 
> > password   required	pam_cracklib.so retry=3 retry=3 minlen=9 difok=3
> 
> Why not use pam_pwcheck?
> 
> > password   required	pam_unix2 md5 use_authok
> > 
> > In the first entry pam_cracklib checks the quality of the new password and
> > in the second the correct password is changed be it local or NIS.  With
> > pam_unix2 when the root user in a NIS client wants to change the NIS
> > password of a normal user, he is not asked for the root password of the NIS
> > server but for the old password of the user, the philosophy here is that
> > it's enough to know the user password to be able to change it.
> > 
> > 
> > PROBLEMS WITH PAM_UNIX2
> > 
> > This module is promising but unfortunately is not ready enough for general
> > use in the situation showed here, the problems found were:
> > 
> > -The debug option described in the documentation doesn't work and causes an
> >  error through syslog:
> > 
> >  petrel PAM-unix2[2880]: password: Unknown option: debug
> 
> Fixed on current SuSE Linux distributions.
> 
> > -When a password is changed successfully there is no record through syslog.
> 
> Why should there a syuslog entry on the client? It is much simpler to 
> have this all on the server.
> 
> > 
> > -The option use_authok described in the documentation and essential for
> >  this situation is not supported giving the following error through syslog:
> > 
> >  petrel PAM-unix2[3501]: password: Unknown option: use_authok
>                                                    
> Typo of the README, the source and all other modules should show you that
> the correct argument is "use_authtok"
> 
> > -The module doesn't work at all when it is stacked with pam_cracklib, and
> >  again this is essential for the described situation.
> 
> It should work, but I prefer pam_pwcheck instead of pam_cracklib.
> 
>   Thorsten
> 
> -- 
> Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
> SuSE Linux AG        Deutschherrenstr. 15-19       D-90429 Nuernberg
> --------------------------------------------------------------------    
> Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B
> 
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jeremias Blendin   *   jeremias@blendin.de   *   0173 / 6516928
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
______________________________________________________________________________
Geben Sie Ihren Lottotipp gerne auf den letzten Drücker ab?Beim WEB.DE
Lottoservice gibt's keine Warteschlangen. http://tippen2.web.de/?x=9





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []