password quality script aka --with-cracklib replacement
Andrew Bartlett
abartlet at samba.org
Thu Feb 13 20:43:57 GMT 2003
On Fri, 2003-02-14 at 02:09, David Collier-Brown -- Customer Engineering
wrote:
> Martin Pool wrote:
> > The PAM module might store previous passwords in a database (e.g. tdb)
> > that it maintains. Every time a password is set, it gets put in
> > there, with any other appropriate information (date?). When a new
> > password-setting attempt is made, it checks against the history, plus
> > other strength checks.
>
> Do we even need to save the decrypted password?
> A colleague once saved old encrypted passwords
> to allow the "do they really know the old one"
> test to be done via challenge-response.
Anybody doing this 'must change password every x days' thing has to
store the decrypted password, or else your users change from password1
to password2 to password3 then back to password1.
We need to allow this possibility.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
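
An added example, not code from this thread or from Samba: a sketch of the history check Martin Pool describes, keeping salted hashes of old passwords rather than plaintext, as David Collier-Brown's question suggests. The class, its method names, the use of PBKDF2 and the constants are assumptions; it detects exact reuse only, and comparing a new password for similarity with older ones would need their plaintext.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch
HISTORY_DEPTH = 5     # assumed number of old passwords remembered per user


def _derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash of a password; this is what the history stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordHistory:
    """In-memory stand-in for the per-user history database (e.g. a tdb file)."""

    def __init__(self) -> None:
        self._db = {}  # user -> list of (salt, digest, timestamp), newest last

    def was_used(self, user: str, candidate: str) -> bool:
        # Re-derive the candidate under every stored salt; no plaintext is kept.
        hit = False
        for salt, digest, _when in self._db.get(user, []):
            if hmac.compare_digest(_derive(candidate, salt), digest):
                hit = True  # keep looping so timing does not reveal the position
        return hit

    def record(self, user: str, password: str, when: Optional[float] = None) -> None:
        # Store salt, digest and the date the password was set, newest last.
        salt = os.urandom(16)
        stamp = time.time() if when is None else when
        entries = self._db.get(user, []) + [(salt, _derive(password, salt), stamp)]
        self._db[user] = entries[-HISTORY_DEPTH:]  # forget the oldest entries

    def change(self, user: str, new_password: str) -> bool:
        """Record new_password and return True unless it is in the history."""
        if self.was_used(user, new_password):
            return False
        self.record(user, new_password)
        return True
```
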