password quality script aka --with-cracklib replacement
abartlet at samba.org
Thu Feb 13 20:43:57 GMT 2003
On Fri, 2003-02-14 at 02:09, David Collier-Brown -- Customer Engineering
> Martin Pool wrote:
> > The PAM module might store previous passwords in a database (e.g. tdb)
> > that it maintains. Every time a password is set, it gets put in
> > there, with any other appropriate information (date?). When a new
> > password-setting attempt is made, it checks against the history, plus
> > other strength checks.
> Do we even need to save the decrypted password?
> A colleague once saved old encrypted passwords
> to allow the "do they really know the old one"
> test to be done via challange-response.
Anybody doing this 'must change password every x days' thing has to
store the decrypted password, or else your users change from password1
to password2 to password3 then back to password1.
We need to allow this possibility.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030214/d5b559f4/attachment.bin
More information about the samba-technical