Why passwd command does not work with pam_unix_passwd.c module source code
Stephanie.CTR.Formica at faa.gov
Wed Mar 25 13:04:54 UTC 2015
I have a small challenge and would appreciate any guidance... I have been required to determine the length of a new password during a RHEL6 password change.
I have modified the PAM source code, by adding an "if" statement in /modules/pam_unix/pam_unix_password.c (shown below) to do this after the password has been changed.
This "if" statement works perfectly when the password is changed from the login screen. BUT, if I run the "passwd" command from a terminal window, the statement does not appear to run at all. Can you please help me understand why?
...
static int _pam_unix_approve_pass(pam_handle_t * pamh
                                  ,unsigned int ctrl
                                  ,const char *pass_old
                                  ,const char *pass_new)
{
    const void *user;
    const char *remark = NULL;
    int retval = PAM_SUCCESS;

    D(("&new=%p, &old=%p", pass_old, pass_new));
    D(("new=[%s]", pass_new));
    D(("old=[%s]", pass_old));

    if (pass_new == NULL || (pass_old && !strcmp(pass_old, pass_new))) {
        if (on(UNIX_DEBUG, ctrl)) {
            pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
        }
        _make_remark(pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
                     _("No password supplied") : _("Password unchanged"));
        return PAM_AUTHTOK_ERR;
    }
    /*
     * if one wanted to hardwire authentication token strength
     * checking this would be the place - AGM
     */

    retval = pam_get_item(pamh, PAM_USER, &user);
    if (retval != PAM_SUCCESS) {
        if (on(UNIX_DEBUG, ctrl)) {
            pam_syslog(pamh, LOG_ERR, "Can not get username");
            return PAM_AUTHTOK_ERR;
        }
    }
    if (off(UNIX__IAMROOT, ctrl)) {
        if (strlen(pass_new) < 6)
            remark = _("You must choose a longer password");
        D(("length check [%s]", remark));
        /* ***************************************** */
        // added the 13 character password check
        if (strlen(pass_new) >= 13)
            system("echo 13char > /tmp/Password_length.text");
        /* ***************************************** */
        if (on(UNIX_REMEMBER_PASSWD, ctrl)) {
            if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR)
                remark = _("Password has been already used. Choose another.");
            if (retval == PAM_ABORT) {
                pam_syslog(pamh, LOG_ERR, "can't open %s file to check old passwords",
                           OLD_PASSWORDS_FILE);
                return retval;
            }
        }
    }
...
Thank you,
Stephanie Formica
Enroute Computer Solutions
FDIO - Second Level Support
Phone: (609) 485-4077
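
Added example (not part of the original post and not Linux-PAM code): a stand-alone model of the posted hook that records the marker without system(), so no shell runs and a symlink or file planted at the target path is never followed. The names length_hook, write_marker, hook_result and the iamroot parameter are hypothetical; iamroot stands in for on(UNIX__IAMROOT, ctrl), mirroring where the posted check sits.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum hook_result { HOOK_SKIPPED_ROOT, HOOK_TOO_SHORT, HOOK_RECORDED, HOOK_ERROR };

#define MIN_LEN 13 /* threshold from the posted check */

/* Write the marker without a shell. unlink() plus O_CREAT|O_EXCL|O_NOFOLLOW
 * means a symlink or file planted at the path is replaced, never followed. */
static int write_marker(const char *path)
{
    static const char marker[] = "13char\n";
    int fd, rc;

    (void)unlink(path);
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    rc = write(fd, marker, sizeof marker - 1) == (ssize_t)(sizeof marker - 1) ? 0 : -1;
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

/* iamroot stands in for on(UNIX__IAMROOT, ctrl): the posted check sits inside
 * the off(UNIX__IAMROOT, ctrl) block, so it is not evaluated when that is set. */
enum hook_result length_hook(int iamroot, const char *pass_new, const char *path)
{
    if (iamroot)
        return HOOK_SKIPPED_ROOT;
    if (pass_new == NULL || strlen(pass_new) < MIN_LEN)
        return HOOK_TOO_SHORT;
    return write_marker(path) == 0 ? HOOK_RECORDED : HOOK_ERROR;
}

int main(int argc, char **argv)
{
    /* Constructed input: a 13-character sample password, marker path from argv. */
    const char *path = argc > 1 ? argv[1] : "Password_length.text";
    printf("iamroot=1 -> %d\n", length_hook(1, "abcdefghijklm", path));
    printf("iamroot=0 -> %d\n", length_hook(0, "abcdefghijklm", path));
    return 0;
}
```

In a real module the marker path should live in a directory only root can write, and pam_syslog() is the usual way to record an event from inside a PAM module.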