password quality script aka --with-cracklib replacement

Andrew Bartlett abartlet at
Thu Feb 13 20:43:57 GMT 2003

On Fri, 2003-02-14 at 02:09, David Collier-Brown -- Customer Engineering
> Martin Pool wrote:
> > The PAM module might store previous passwords in a database (e.g. tdb)
> > that it maintains.  Every time a password is set, it gets put in
> > there, with any other appropriate information (date?).  When a new
> > password-setting attempt is made, it checks against the history, plus
> > other strength checks.
> 	Do we even need to save the decrypted password?
> 	A colleague once saved old encrypted passwords
> 	to allow the "do they really know the old one"
> 	test to be done via challange-response.

Anybody doing this 'must change password every x days' thing has to
store the decrypted password, or else your users change from password1
to password2 to password3 then back to password1.

We need to allow this possibility.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list