Re: pam.d common-passwd: obscure option includes "similar" but is vague
Hello,
On Thu, Mar 23, 2006 at 11:36:05AM -0800, prosolutions@gmx.net wrote:
>
> in /etc/pam.d/common-password there is:
>
> password required pam_unix.so nullok obscure min=4 max=8 md5
I've just noticed that the obscure option doesn't work (#358697).
> Does anyone know what is the exact definition of
> "similar"? Exactly how many characters must not be similar between the
> old and new passwords to satisfy this requirement?
A password is "similar" if the new password has fewer than 8 characters,
and more than half of the characters were also used in the old
password.
> Does anyone know the exact definition of "simple"? From manual testing
> it appears that the password cannot be a dictionary word, but beyond
> that it can consist of all lower-case letters only.
Maybe the dictionary check comes from a pam_cracklib line.
The "simple" check checks the length of the password. The password must
be at least 8 characters long if it uses only characters from one type
(digits, upper case, lower case, other), at least 7 characters long if it
uses characters from two of these types, and so on.
Kind Regards,
--
Nekral
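
The two checks as this message describes them, written out as an added example (not part of the original message and not the pam_unix source). The function names are hypothetical, and two readings are assumptions: every position of the new password is counted for "similar", and "and so on" continues to 6 characters for three types and 5 for four.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* "similar": the new password has fewer than 8 characters and more than
 * half of its characters also occur in the old one. Assumption: every
 * position of the new password is counted, repeats included. */
bool is_similar(const char *old_pw, const char *new_pw)
{
    size_t len = strlen(new_pw), shared = 0;

    if (len >= 8)
        return false;
    for (size_t i = 0; i < len; i++)
        if (strchr(old_pw, new_pw[i]) != NULL)
            shared++;
    return 2 * shared > len;
}

/* Number of character types used: digits, upper case, lower case, other. */
int char_types(const char *pw)
{
    bool digit = false, upper = false, lower = false, other = false;

    for (; *pw != '\0'; pw++) {
        unsigned char c = (unsigned char)*pw;
        if (isdigit(c))      digit = true;
        else if (isupper(c)) upper = true;
        else if (islower(c)) lower = true;
        else                 other = true;
    }
    return digit + upper + lower + other;
}

/* "simple": shorter than 8 characters with one type, 7 with two.
 * Assumption: "and so on" continues to 6 with three and 5 with four. */
bool is_simple(const char *pw)
{
    return strlen(pw) < (size_t)(9 - char_types(pw));
}

int main(void)
{
    /* Constructed sample passwords, not taken from the thread. */
    printf("similar: %d\n", is_similar("secret12", "secret1"));
    printf("simple:  %d\n", is_simple("abcdefg"));
    return 0;
}
```

Under this reading a new password of 8 or more characters is never reported as "similar", however much of the old password it reuses.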