
Re: pam_passwdqc ldap problems



Chris,

On Tue, Aug 24, 2004 at 02:03:27PM -0400, Adams, Chris M, CTR,, DMDCWEST wrote:
> # Password management
> #
> other   password requisite              pam_passwdqc.so min=disabled,disabled,disabled,disabled,8 max=8 passphrase=0 match=0 similar=deny random=0 enforce=everyone retry=1 ask_oldauthtok=update check_oldauthtok
> other   password required               pam_dhkeys.so.1

You should have stacked pam_passwdqc after pam_dhkeys, not before.
And there should be no need for "ask_oldauthtok=update
check_oldauthtok" on your recent/patched Solaris 8 (it's almost
Solaris 9 in fact).

Also, I'm not sure what you're trying to achieve with "match=0
similar=deny"?  (This is not related to the problem at hand, but
simply looks weird to me.)

The settings which should work for your system are as follows:

passwd  auth required           pam_passwd_auth.so.1
[...]
other   password required       pam_dhkeys.so.1
other   password requisite      pam_passwdqc.so max=8 retry=1
other   password required       pam_authtok_store.so.1

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments
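
The stacking advice in the reply above, turned into a check that can be run against a pam.conf (an added example, not part of the original message and not Openwall code). The function names and both sample configurations are constructed here; the "before pam_authtok_store" rule is read off the suggested settings rather than stated in the reply.

```python
# Lint the "password" stack of a Solaris-style pam.conf for the module order
# shown in the reply. All names and sample data below are constructed.

# Options the reply calls unnecessary on the poster's patched Solaris 8.
UNNEEDED = ("ask_oldauthtok", "check_oldauthtok")

def parse_password_stack(text, service="other"):
    """Return [(module, [options])] for the service's password entries, in order."""
    stack = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # pam.conf fields: service, module type, control flag, module path, options
        if len(fields) >= 4 and fields[0] == service and fields[1] == "password":
            stack.append((fields[3].rsplit("/", 1)[-1], fields[4:]))
    return stack

def check_password_stack(text, service="other"):
    """Return a list of findings; an empty list means the order matches the advice."""
    stack = parse_password_stack(text, service)
    names = [module for module, _ in stack]
    def pos(prefix):
        return next((i for i, n in enumerate(names) if n.startswith(prefix)), None)
    qc, dh, store = pos("pam_passwdqc.so"), pos("pam_dhkeys.so"), pos("pam_authtok_store.so")
    if qc is None:
        return ["pam_passwdqc is not in the password stack"]
    findings = []
    if dh is not None and qc < dh:
        findings.append("pam_passwdqc is stacked before pam_dhkeys")
    if store is not None and qc > store:
        findings.append("pam_passwdqc is stacked after pam_authtok_store")
    for opt in stack[qc][1]:
        if opt.split("=", 1)[0] in UNNEEDED:
            findings.append("option not needed here: " + opt)
    return findings

# Constructed samples: the quoted configuration (rejoined) and the suggested one.
ORIGINAL = """\
other password requisite pam_passwdqc.so min=disabled,disabled,disabled,disabled,8 max=8 passphrase=0 match=0 similar=deny random=0 enforce=everyone retry=1 ask_oldauthtok=update check_oldauthtok
other password required  pam_dhkeys.so.1
"""
SUGGESTED = """\
passwd  auth required           pam_passwd_auth.so.1
other   password required       pam_dhkeys.so.1
other   password requisite      pam_passwdqc.so max=8 retry=1
other   password required       pam_authtok_store.so.1
"""

if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, check_password_stack(conf) or "ok")
```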


