
pam.d common-passwd: obscure option includes "similar" but is vague



in /etc/pam.d/common-password there is:

password   required   pam_unix.so nullok obscure min=4 max=8 md5



reading /usr/share/doc/libpam-doc/txt/pam.txt.gz to find the definition
of "obscure":

Palindrome: Is the new password a palindrome of the old one? A
palindrome is where the words read the same backwards and forwards (eg. madam and radar).

Case Change Only: Is the new password the old one with only a change
of case?

Similar: Is the new password too much like the old one?

Simple: Is the new password too small? This is based on the length of the password and the number of different types of characters used (ie. alpha, numeric...).

Rotated: Is the new password a rotated version of the old password (eg. "billy" and "illyb")?


Does anyone know what is the exact definition of
"similar"?  Exactly how many characters must not be similar between the
old and new passwords to satisfy this requirement?


Does anyone know the exact definition of "simple"?  From manual testing
it appears that the password cannot be a dictionary word, but beyond
that it can consist of all lower-case letters only.  This does not seem
to agree with the definition in the doc.  Also it's not clear why the
definition mentions length of password since that is provided by the
min= parameter.
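As an added illustration (not pam_unix's own code, and not part of the post above), here are the five obscure checks written out the way the quoted pam.txt text describes them. The thresholds in `is_similar` and `is_simple` are assumptions chosen for the example, precisely because the documentation states none.

```python
# Added illustration of the five "obscure" checks as the quoted pam.txt text
# describes them. This is NOT pam_unix's own code; every numeric threshold
# here is an assumption, since the documentation states none.

def is_palindrome(new):
    # Palindrome: the new password reads the same backwards and forwards.
    return len(new) > 1 and new == new[::-1]

def case_change_only(old, new):
    # Case Change Only: identical to the old password apart from letter case.
    return old != new and old.lower() == new.lower()

def is_rotated(old, new):
    # Rotated: "billy" -> "illyb". Every rotation of old is a substring of
    # old+old with the same length, so one substring test covers all offsets.
    return old != new and 0 < len(old) == len(new) and new in old + old

def is_similar(old, new, max_shared=0.5):
    # Similar: ASSUMED rule - more than max_shared of the old password's
    # characters (case-insensitive) still occur somewhere in the new one.
    o, n = old.lower(), new.lower()
    if not o:
        return False
    shared = sum(1 for c in o if c in n)
    return shared / len(o) > max_shared

def is_simple(new, base_len=9):
    # Simple: ASSUMED rule - the required length starts at base_len and drops
    # by one for each class (lower, upper, digit, other) contributing at least
    # two characters, so mixing classes buys a shorter minimum.
    counts = [0, 0, 0, 0]
    for c in new:
        counts[0 if c.islower() else 1 if c.isupper() else 2 if c.isdigit() else 3] += 1
    required = base_len - sum(1 for k in counts if k > 1)
    return len(new) < required

def obscure_check(old, new):
    # Returns the first reason the change would be refused, or None.
    # "rotated" is tested before "similar" so a pure rotation (which also
    # shares every character) is reported under the more specific name.
    if is_palindrome(new):
        return "palindrome"
    if case_change_only(old, new):
        return "case change only"
    if is_rotated(old, new):
        return "rotated"
    if is_similar(old, new):
        return "similar"
    if is_simple(new):
        return "simple"
    return None
```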


