password quality script aka --with-cracklib replacement

David Collier-Brown -- Customer Engineering David.Collier-Brown at Sun.COM
Thu Feb 13 15:09:50 GMT 2003

Martin Pool wrote:
> The PAM module might store previous passwords in a database (e.g. tdb)
> that it maintains.  Every time a password is set, it gets put in
> there, with any other appropriate information (date?).  When a new
> password-setting attempt is made, it checks against the history, plus
> other strength checks.

	Do we even need to save the decrypted password?
	A colleague once saved old encrypted passwords
	to allow the "do they really know the old one"
	test to be done via challange-response.

David Collier-Brown,           | Always do right. This will gratify 
Sun Microsystems DCMO          | some people and astonish the rest.
Toronto, Ontario               |
(905) 415-2849 or x52849       | davecb at

More information about the samba-technical mailing list