From: Elad Efrat (eladNetBSD.org)
Date: Mon Jan 25 2010 - 21:02:31 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Matthias Drochner wrote:
> Would someone with some understanding of PAM please review my change
> to libpam which fixes an old bug preventing the use of PAM modules
> to check a password on attempts to change it. This is:
>
> src/lib/libpam/modules/pam_unix/pam_unix.c rev. 1.14
>
> I'd like to have this patch pulled up to at least the 5.x release
> branch because "passwdqc" seems to be a popular tool for that
> purpose (FreeBSD and DragonFly have added it to the base system
> apparently), and it would look bad if it didn't work on our
> official release.
> passwdqc is in pkgsrc, and its homepage refers to the NetBSD port.
>
> While we are here: I'd suggest to drop the pw_policy(3) stuff
> in NetBSD's libutil. Its API (and the semantics of weighting the
> strengths of a password) is so strange that I can't imagine
> any use for it. Would you miss it?

I wouldn't. I also think that password "strength" checking is absolutely
ridiculous. Ideally I would like us to provide real security features to
our users as opposed to what seems popular... but I don't have time to
do any of the work involved, so I won't be raising any objections.

-e.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]