[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: enforcing strong passwords

also sprach Christian Jaeger <christian.jaeger@sl.ethz.ch> [2002.01.19.0130 +0100]:
> You could just use the cracklib yourself before accepting the 
> password and feeding it to the passwd command. I'm doing it this way.

but that wouldn't solve my problem. it wouldn't enforce digits and/or
symbols. cracklib doesn't really do that.

aside, feeding the output to the passwd command is more of a pain, and i
want to use PAM simply because it's the cleanest approach, and that's
what it was designed for.

> BTW the only thing that's still very unclear to me is where cracklib 
> get's the dictionary files from. The manpage states that there's a 
> cronjob for it but I don't yet understand what it does.

/etc/cracklib/cracklib.conf basically gets a list of all files in
/usr/share/dict and /usr/dict, which the cronjob then uses to assemble
/var/cache/cracklib/cracklib_dict.{hwm,pw{d,i}}. these are the actual
data used by cracklib, compiled to enhance performance. makes sense now?

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
"i wish there was a knob on the tv to turn up the intelligence.
 there's a knob called 'brightness', but it doesn't seem to work."
                                                          -- gallagher

Attachment: pgp4HlLESOX_N.pgp
Description: PGP signature

Reply to: