Re: logging password changes
On Mon, Apr 03, 2000 at 01:31:34PM -0400, Ben Collins wrote:
> Install libpam-doc, which is more up-to-date and probably more complete
> than the above address. Adding session to the passwd pam.d file doesn't
> seem like the right solution. The PAM library itself should log when the
> authentication tokens are updated or changed.
OK I looked at the stuff in libpam-doc but it turns out to be the same
date as the documents on the URL I mentioned.
I did mess with this some more and I got it to work the way I want by
substituting the pam_pwdb module:
password required pam_cracklib.so retry=3 minlen=6 difok=4
password required pam_pwdb.so use_authtok md5
Is there any chance of making this the default (assuming I didn't just
open up any gaping security holes)? I notice that pam_pwdb is part of a
different package which may make this difficult.
Or, maybe better syslog support can be added to the pam_unix module?