[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: logging password changes

On Mon, Apr 03, 2000 at 01:31:34PM -0400, Ben Collins wrote:
> Install libpam-doc, which is more up-to-date and probably more complete
> than the above address. Adding session to the passwd pam.d file doesn't
> seem like the right solution. The PAM library itself should log when the
> authentication tokens are updated or changed.

OK I looked at the stuff in libpam-doc but it turns out to be the same
date as the documents on the URL I mentioned.

I did mess with this some more and I got it to work the way I want by
substituting the pam_pwdb module:

password required       pam_cracklib.so retry=3 minlen=6 difok=4
password required       pam_pwdb.so use_authtok md5 

Is there any chance of making this the default (assuming I didn't just
open up any gaping security holes)?  I notice that pam_pwdb is part of a
different package which may make this difficult.

Or, maybe better syslog support can be added to the pam_unix module?


Reply to: