On Sat, Jun 23, 2007 at 08:22:19PM -0600, Vincent Danen wrote: > Of course, that doesn't stop legislaters from specifying they want or > need something like this, so if something like this were to make it's > way into pam_passwdqc (as, from my understanding, pam_cracklib is what > would be doing this, not pam_unix), I think it might make it more > palatable to some people (with the appropriate warnings/compile-time > disablers, etc.). I agree, except for one thing: Of the bundled Linux-PAM modules, pam_unix both consults and updates the password history file, whereas pam_cracklib merely consults the file (in fact, there's some duplicate code between pam_unix and pam_cracklib). So I think that the password history would work with Linux-PAM's pam_unix alone and no pam_cracklib. You might want to give this a try. If so, replacing pam_cracklib with pam_passwdqc will not prevent the password history from working. (However, replacing pam_unix with pam_tcb will.) This might make it easier for you to get pam_passwdqc into Mandriva. Neither pam_unix nor pam_cracklib are a part of Owl, so this discussion is getting somewhat off-topic for owl-users. The aspect that is on topic is that wider adoption of components from Owl (such as our PAM modules) by other distributions makes our development efforts more worthwhile and indirectly helps Owl development. -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail owl-users-unsubscribe@private and reply to the automated confirmation request that will be sent to you.
This archive was generated by hypermail 2.1.3 : Sat Jun 23 2007 - 21:04:31 PDT