[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "obscure" in /etc/pam.d/common-password what does it mean exactly?

> 
> On Wed, Mar 22, 2006 at 03:33:39PM -0800, prosolutions@gmx.net wrote:
> > 
> > I've scoured through all Debian pam documentation, upstream PAM docs,
> > and did extensive googling but cannot find the definition of "obscure"
> > as it applies to common-password.  Anyone have any info on this?
> > 
> > 
> > I am assuming this is where the default system password policy is set:
> > 
> > 
> > password   required   pam_unix.so nullok obscure min=4 max=8 md5
> 
> You can find the documentation of the pam_unix module in the libpam-doc package (/usr/share/doc/libpam-doc/txt/pam.txt.gz):
> 
>         The obscure option enables some extra checks on the password.
>         These is taken after the same obscure checks enabled in the
>         original shadow package. This works very similar to the
>         pam_cracklib module and implements these checks (it does not
>         implement dictionary checks):
>         * Palindrome
>         * Case Change Only
>         * ...
> 


One further question: I've been making edits to
/etc/pam.d/common-password to test various options and some of them
don't seem to have an effect,

for example i can change min= to some value and i see that the policy is
effective immediately.  but i've tried setting difok=3 which isn't
having any effect.
Reply to: