Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Solar Designer (solaropenwall.com)
Date: Sat Jun 23 2007 - 22:59:12 CDT
On Sat, Jun 23, 2007 at 08:22:19PM -0600, Vincent Danen wrote:
> Of course, that doesn't stop legislaters from specifying they want or
> need something like this, so if something like this were to make it's
> way into pam_passwdqc (as, from my understanding, pam_cracklib is what
> would be doing this, not pam_unix), I think it might make it more
> palatable to some people (with the appropriate warnings/compile-time
> disablers, etc.).
I agree, except for one thing:
Of the bundled Linux-PAM modules, pam_unix both consults and updates the
password history file, whereas pam_cracklib merely consults the file (in
fact, there's some duplicate code between pam_unix and pam_cracklib).
So I think that the password history would work with Linux-PAM's
pam_unix alone and no pam_cracklib. You might want to give this a try.
If so, replacing pam_cracklib with pam_passwdqc will not prevent the
password history from working. (However, replacing pam_unix with
pam_tcb will.) This might make it easier for you to get pam_passwdqc
Neither pam_unix nor pam_cracklib are a part of Owl, so this discussion
is getting somewhat off-topic for owl-users. The aspect that is on
topic is that wider adoption of components from Owl (such as our PAM
modules) by other distributions makes our development efforts more
worthwhile and indirectly helps Owl development.
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments
To unsubscribe, e-mail owl-users-unsubscribelists.openwall.com and reply
to the automated confirmation request that will be sent to you.