On Sun, 24 Jun 2007 gremlin@private wrote: > On Sat, Jun 23, 2007 at 11:01:04AM -0600, Vincent Danen wrote: > > > Quick question. Does pam_passwdqc support password history? > > Not just comparing the current password to the new password, > > but seeing if it's similar to, say, any of the last 3 > > passwords a user used? Apparently some government/company > > legislation/policies require history checking of current-N > > passwords, and I'm wondering if passwdqc does this. > > It does NOT and, I hope, never will - all these "password > history policies" require storing plaintext password somewhere, > which is absolutely inacceptable. I'd say it is still possible to store older hashes rather than passwords theirselves. This will not allow to check passwords for 'similarity' but obviously will allow to check is the new password is exacly the same as one in the history. And it is not that inacceptable as storing plaintext passwords. -- Croco -- To unsubscribe, e-mail owl-users-unsubscribe@private and reply to the automated confirmation request that will be sent to you.
This archive was generated by hypermail 2.1.3 : Sun Jun 24 2007 - 03:51:44 PDT