
Re: pam.d common-passwd: obscure option includes "similar" but is vague



Hello,

On Thu, Mar 23, 2006 at 11:36:05AM -0800, prosolutions@gmx.net wrote:
> 
> in /etc/pam.d/common-password there is:
> 
> password   required   pam_unix.so nullok obscure min=4 max=8 md5

I've just noticed that the obscure option doesn't work (#358697)

> Does anyone know what is the exact definition of
> "similar"?  Exactly how many characters must not be similar between the
> old and new passwords to satisfy this requirement?

A password is "similar" if the new password has fewer than 8 characters,
and more than half of the characters were also used in the old
password.

> Does anyone know the exact definition of "simple"?  From manual testing
> it appears that the password cannot be a dictionary word, but beyond
> that it can consist of all lower-case letters only.

Maybe the dictionary check comes from a pam_cracklib line.

The "simple" check checks the length of the password. The password must
be at least 8 characters long if it uses only characters from one type
(digits, upper case, lower case, other), at least 7 characters long if it
uses characters from two of these types, and so on.

Kind Regards,
-- 
Nekral
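
The two rules described in the reply above, written out as an added example (not part of the original message and not the pam_unix source). The function names are hypothetical, and two readings are assumptions: "and so on" is taken as one character less per additional character type, and "more than half" is counted over the positions of the new password.

```python
# Added illustration of the two checks as worded in the message above.
# Not pam_unix source code; function names and edge-case handling are assumptions.
import string


def char_classes(password):
    """Character types present: digits, upper case, lower case, other."""
    classes = set()
    for ch in password:
        if ch in string.digits:
            classes.add("digit")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        else:
            classes.add("other")
    return classes


def is_simple(new):
    """Too short for its variety: 8 chars for one type, 7 for two; the
    'and so on' is read here as 6 for three and 5 for four (assumption)."""
    return len(new) < 9 - len(char_classes(new))


def is_similar(old, new):
    """Shorter than 8 chars and more than half of its characters occur in old.
    Counting each position of new separately is an assumption."""
    if len(new) >= 8:
        return False  # as described, longer passwords are never "similar"
    shared = sum(1 for ch in new if ch in old)
    return shared * 2 > len(new)


def obscure_verdict(old, new):
    """Return the list of checks that would reject the new password."""
    failures = []
    if is_similar(old, new):
        failures.append("similar")
    if is_simple(new):
        failures.append("simple")
    return failures


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the thread.
    for old, new in [("tiger12", "tiger13"), ("tiger12", "qzvxkwp"),
                     ("tiger12", "Qz4!x"), ("tiger12", "tiger123")]:
        print(f"{old!r} -> {new!r}: {obscure_verdict(old, new) or 'accepted'}")
```

The last sample pair shows a consequence of the rule as described: once the new password reaches 8 characters, the similarity check no longer applies, so appending one character to the old password passes both checks.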


