* Solar Designer <solar@private> [2007-06-24 07:59:12 +0400]: >> Of course, that doesn't stop legislaters from specifying they want or >> need something like this, so if something like this were to make it's >> way into pam_passwdqc (as, from my understanding, pam_cracklib is what >> would be doing this, not pam_unix), I think it might make it more >> palatable to some people (with the appropriate warnings/compile-time >> disablers, etc.). > >I agree, except for one thing: > >Of the bundled Linux-PAM modules, pam_unix both consults and updates the >password history file, whereas pam_cracklib merely consults the file (in >fact, there's some duplicate code between pam_unix and pam_cracklib). >So I think that the password history would work with Linux-PAM's >pam_unix alone and no pam_cracklib. You might want to give this a try. >If so, replacing pam_cracklib with pam_passwdqc will not prevent the >password history from working. (However, replacing pam_unix with >pam_tcb will.) This might make it easier for you to get pam_passwdqc >into Mandriva. Ahhhh... ok, I'll play around with this and will see what happens. If this does work, then pam_passwdqc can definitely replace cracklib (although I suspect I could make it happen regardless). >Neither pam_unix nor pam_cracklib are a part of Owl, so this discussion >is getting somewhat off-topic for owl-users. The aspect that is on >topic is that wider adoption of components from Owl (such as our PAM >modules) by other distributions makes our development efforts more >worthwhile and indirectly helps Owl development. Fair enough, and thanks for indulging the question on the owl-users list. =) I very much apprecate the insights. And you're right... I'm all for a wider adoption of this stuff because I think it's fantastic. =) Thanks again. -- Vincent Danen @ http://linsec.ca/
This archive was generated by hypermail 2.1.3 : Sun Jun 24 2007 - 12:53:56 PDT