
Re: enforcing strong passwords



I am not quite sure why you would want root's attempts to fail.  root (I assume you) should know a good password from a bad one when you set it.  The system will generally warn you that the passwd that you are setting is lousy but will let you set it if you insist (just the way it should be).  When I am logged in as root I don't want my system second-guessing anything I do (even if that thing is rm -rf /).

Just a thought...

Phillip

-----Original Message-----
From: martin f krafft <madduck@madduck.net>
To: debian security <debian-security@lists.debian.org>
Date: Fri, 18 Jan 2002 15:24:35 +0100
Subject: enforcing strong passwords

libpam-cracklib is nice, but how do i get PAM to enforce at least one
upper case letter, and at least one of {symbol,digit}?

also, are there any PAM programmer cracks here? i have a program here
[1] that registers with PAM as the passwd service, but since it runs as
root, it ignores libpam-cracklib. i wouldn't mind adding that support,
but i am a PAM-newbie and don't know how to obtain the message that the
e.g. passwd binary gives when a password failed cracklib:

  New UNIX password:
  BAD PASSWORD: it is based on a dictionary word

running passwd as root causes the warning to be displayed, but PAM still
succeeds (obviously). i want it to fail even for root, or i want at
least access to that message. and the passwd sources are really
confusing...

  1. http://ceti.pl/~kravietz/progs/poppassd-1.8-ceti.tar.gz

--
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck

fashions have done more harm than revolutions.
                                                        -- victor hugo
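
On the quoted question of how a program can get at the text a module prints: the following is an added example, not part of the thread and not poppassd's code. It is a Linux-PAM conversation callback that answers prompts and records `PAM_ERROR_MSG` text. `struct capture`, `capture_conv` and the fallback declarations are this example's own names, and it assumes the cracklib warning is delivered as `PAM_ERROR_MSG`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if defined(__has_include)
# if __has_include(<security/pam_appl.h>)
#  include <security/pam_appl.h>
#  define HAVE_PAM_HDR 1
# endif
#endif
#ifndef HAVE_PAM_HDR /* fallback mirroring Linux-PAM, so this builds without its headers */
struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
enum { PAM_SUCCESS = 0, PAM_PROMPT_ECHO_OFF = 1, PAM_PROMPT_ECHO_ON = 2,
       PAM_ERROR_MSG = 3, PAM_TEXT_INFO = 4, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19 };
#endif

/* Hypothetical application state, handed to PAM through pam_conv.appdata_ptr. */
struct capture {
    const char *new_pw;   /* answer given to every password prompt */
    char errors[512];     /* text of all PAM_ERROR_MSG messages, one per line */
    int n_errors;
};

/* Conversation callback: answers prompts and records module error text
 * (assumed to be how "BAD PASSWORD: ..." reaches the application). */
static int capture_conv(int n, const struct pam_message **msg,
                        struct pam_response **resp, void *appdata)
{
    struct capture *c = appdata;
    if (n <= 0 || msg == NULL || resp == NULL || c == NULL) return PAM_CONV_ERR;
    struct pam_response *r = calloc((size_t)n, sizeof *r);
    if (r == NULL) return PAM_BUF_ERR;
    for (int i = 0; i < n; i++) {
        int style = msg[i]->msg_style;
        if (style == PAM_PROMPT_ECHO_OFF || style == PAM_PROMPT_ECHO_ON) {
            size_t len = strlen(c->new_pw) + 1;
            if ((r[i].resp = malloc(len)) == NULL) {   /* undo partial replies */
                while (i--) free(r[i].resp);
                free(r);
                return PAM_BUF_ERR;
            }
            memcpy(r[i].resp, c->new_pw, len);
        } else if (style == PAM_ERROR_MSG) {
            size_t used = strlen(c->errors);           /* always < sizeof errors */
            snprintf(c->errors + used, sizeof c->errors - used, "%s\n", msg[i]->msg);
            c->n_errors++;
        }                                              /* PAM_TEXT_INFO is ignored */
    }
    *resp = r;                                         /* freed by the caller of the callback */
    return PAM_SUCCESS;
}
```

A program would put `capture_conv` and a `struct capture` into the `struct pam_conv` it passes to `pam_start()`, then inspect `errors` and `n_errors` after `pam_chauthtok()` returns. Whether the password has already been written by the time the message arrives depends on the module stack, so this only shows how to obtain the text.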




