tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: PAM Stacking



To: tech-pkg%netbsd.org@localhost
Subject: Re: PAM Stacking
From: "John R. Shannon" <john%johnrshannon.com@localhost>
Date: Wed, 09 Jan 2008 07:39:39 -0700
 
John R. Shannon wrote:

I've been working on a package for pam_passwdqc, a password strength checking  module, an I'm encountering a problem with module stacking. I'm wondering if  this has been encountered with other PAM modules and has a suffestion. 

If I configure PAM like this:

password  requisite   /usr/pkg/lib/security/pam_passwdqc.so  ask_oldauthtok
password  required  pam_unix.so  no_warn use_first_pass debug

$ passwd
Changing password for john.
Enter current password:

You can now choose the new password or passphrase.
A valid password should be a mix of upper and lower case letters,
digits, and other characters.  You can use a 9 character long
password with characters from at least 3 of these 4 classes, or
an 8 character long password containing characters from all the
classes.  An upper case letter that begins the password and a
digit that ends it do not count towards the number of character
classes used.
A passphrase should be of at least 3 words, 12 to 40 characters
long and contain enough different characters.
Alternatively, if noone else can see your terminal now, you can
pick this as your password: "piston worthy rune sheer hair".
Enter new password:
Re-type new password:
Unable to change auth token: authentication error

and the following is logged:
passwd: in _openpam_check_error_code(): pam_sm_chauthtok(): unexpected return  value 9
If I change from use_first_pass try_first_pass it works, but, password must be  entered for each PAM module. 




I neglected to mention that I'm testing on NetBSD 4.0 amd64 with:

$ cat /etc/passwd.conf
default:
  localcipher = blowfish,7
  ypcipher = blowfish,7

--
John R. Shannon
STAR Technologies, LLC
A DSCI Company
jshannon%dsci.com@localhost
john.r.shannon%us.army.mil@localhost
shannonjr%NetBSD.org@localhost

References:

PAM Stacking
From: John R. Shannon


Prev by Date: Re: missing Apache licence

Next by Date: new option "buildxs" for Perl modules

Previous by Thread: PAM Stacking

Next by Thread: missing Apache licence

Indexes:

reverse Date
reverse Thread
Old Index


Home | Main Index | Thread Index | Old Index