password quality script aka --with-cracklib replacement
David Collier-Brown -- Customer Engineering
David.Collier-Brown at Sun.COM
Thu Feb 13 15:09:50 GMT 2003
Martin Pool wrote:
> The PAM module might store previous passwords in a database (e.g. tdb)
> that it maintains. Every time a password is set, it gets put in
> there, with any other appropriate information (date?). When a new
> password-setting attempt is made, it checks against the history, plus
> other strength checks.
Do we even need to save the decrypted password?
A colleague once saved old encrypted passwords
to allow the "do they really know the old one"
test to be done via challange-response.
--dave
--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario |
(905) 415-2849 or x52849 | davecb at canada.sun.com
More information about the samba-technical
mailing list