password quality script aka --with-cracklib replacement
David Collier-Brown -- Customer Engineering
David.Collier-Brown at sun.com
Thu Feb 13 21:11:40 GMT 2003
Andrew Bartlett wrote:
> or else your users change from password1
> to password2 to password3 then back to password1.
They sure do! I hate that...
I spoke to my colleague, and he refreshed my memory
about that part: we variously used crypt or an MD4
hash to encrypt passwords and stored the encrypted
form in a lookup table of N elements per user. If
someone changed their password, we encrypted it
and looked to se if it was already there, and if not
replaced the oldest stored copy.
To avoid collisions with other people's
passwords causing false positives, we generated
a salt from the userid, and applied it as part of
the encryption, but did not store the salt in the
lookup table so you couldn't see it was salted
deterninistically from just looking at the
file.
--dave
--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario |
(905) 415-2849 or x52849 | davecb at canada.sun.com
More information about the samba-technical
mailing list