I am wondering where the pwdb module is? Apparently it is an improvment for pam_unix that can be stacked with cracklib... and on another note, I set PASSWD_USE_CRACKLIB="yes" in rc.config yet my /etc/pam.d/passwd file is simply auth required /lib/security/pam_unix.so nullok account required /lib/security/pam_unix.so password required /lib/security/pam_unix.so strict=true session required /lib/security/pam_unix.so which seems like a contradiction. please help. thank you. -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Hi, On Thu, Jan 13, A Nourai wrote:
I am wondering where the pwdb module is?
For what do you need the pwdb module ? It is bogus and stupid. But you can install the pwdb package if you really think you need it.
Apparently it is an improvment for pam_unix that can be stacked with cracklib...
and on another note, I set PASSWD_USE_CRACKLIB="yes" in rc.config
yet my /etc/pam.d/passwd file is simply
auth required /lib/security/pam_unix.so nullok account required /lib/security/pam_unix.so password required /lib/security/pam_unix.so strict=true session required /lib/security/pam_unix.so
which seems like a contradiction.
Why ? Ever read Docu ? pam_unix.so with parameter strict=true will check your passwords through cracklib. Thorsten -- Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@suse.de SuSE GmbH Schanzaeckerstr. 10 90443 Nuernberg Linux is like a Vorlon. It is incredibly powerful, gives terse, cryptic answers and has a lot of things going on in the background. -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Fri, 14 Jan 2000, Thorsten Kukuk wrote:
Hi,
On Thu, Jan 13, A Nourai wrote:
I am wondering where the pwdb module is?
For what do you need the pwdb module ? It is bogus and stupid. But you can install the pwdb package if you really think you need it.
Apparently it is an improvment for pam_unix that can be stacked with cracklib...
and on another note, I set PASSWD_USE_CRACKLIB="yes" in rc.config
yet my /etc/pam.d/passwd file is simply
auth required /lib/security/pam_unix.so nullok account required /lib/security/pam_unix.so password required /lib/security/pam_unix.so strict=true session required /lib/security/pam_unix.so
which seems like a contradiction.
Why ? Ever read Docu ? pam_unix.so with parameter strict=true will check your passwords through cracklib.
Thorsten
I did read a lot of docu before I mailed this. The first thing I read was /usr/doc/packages/pam/modules/README.pam_cracklib, since I was ineterested in cracklib. It stated that the pam_cracklib module could not be guaranteed to work correctly if stacked with pam_unix. IAccording to it, it needed to be stacked with pam_pwdb. I also looked at the documentation in /usr/doc/packages/pam/html/ and read the section on the pam_unix module. It didnt mention the strict parameter. As to why I'd like to use pwdb.... I'd like to support passwords longer than 8 characters. I'd like to use the pam_limits module (ie set limits in /etc/security/limits.conf). It is not the pwdb lib that I'm really interested in, but pam_pwdb. If you could epxlain to me how to enable long passwords with or without it, it would be much appreciated. -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Hi, On Fri, Jan 14, A Nourai wrote:
I did read a lot of docu before I mailed this. The first thing I read was /usr/doc/packages/pam/modules/README.pam_cracklib, since I was ineterested in cracklib. It stated that the pam_cracklib module could not be guaranteed to work correctly if stacked with pam_unix. IAccording to it, it needed to be stacked with pam_pwdb. I also looked at the
Yes, the pam_cracklib author and the pam_pwdb author are the same. But he is wrong. With the SuSE pam_unix it works. The Author makes a second mistake: At the time he wrote that, there doesn't even exist a pam_unix module.
documentation in /usr/doc/packages/pam/html/ and read the section on the pam_unix module. It didnt mention the strict parameter.
On SuSE Linux 6.x there is no section about pam_unix, because I hadn't the time to write it. So I don't know where you read it. But there is /usr/doc/packages/pam/modules/README.pam_unix, and strict= is mentioned there. (And has a YaST option as you have seen).
As to why I'd like to use pwdb.... I'd like to support passwords longer than 8 characters.
You know that there are a lot of programs which does not support passwords longer than 8 characters and will core dump ? It's a common problem with some programs on RedHat 6.x if you enable md5 hashes.
I'd like to use the pam_limits module (ie set limits in /etc/security/limits.conf).
It is not the pwdb lib that I'm really interested in, but pam_pwdb.
What does pam_pwdb have to do with pam_limits ? Nothing. This is the advantage of PAM, you can stack every module you wish. If a author says it does only work with his own modules, it's a bug in a module which should be fixed. kukuk@allen:/src > cat /etc/pam.d/login #%PAM-1.0 auth requisite /lib/security/pam_unix.so nullok #set_secrpc auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth required /lib/security/pam_env.so auth required /lib/security/pam_mail.so account required /lib/security/pam_unix.so password required /lib/security/pam_unix.so strict=true session required /lib/security/pam_unix.so debug # none or trace session required /lib/security/pam_limits.so ^^^^^^^^^^^^^^^^^^^^^^^^^^^ It is already in our PAM configuration for login. And it works without pam_pwdb.
If you could epxlain to me how to enable long passwords with or without it, it would be much appreciated.
Since yesterday my pam_unix can handle bigcrypt (16 character passwords) and md5 hashes. But it is not possible with the version on SuSE Linux 6.3 yet. Thorsten -- Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@suse.de SuSE GmbH Schanzaeckerstr. 10 90443 Nuernberg Linux is like a Vorlon. It is incredibly powerful, gives terse, cryptic answers and has a lot of things going on in the background. -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Fri, 14 Jan 2000, Thorsten Kukuk wrote:
Hi,
On Fri, Jan 14, A Nourai wrote:
I did read a lot of docu before I mailed this. The first thing I read was /usr/doc/packages/pam/modules/README.pam_cracklib, since I was ineterested in cracklib. It stated that the pam_cracklib module could not be guaranteed to work correctly if stacked with pam_unix. IAccording to it, it needed to be stacked with pam_pwdb. I also looked at the
Yes, the pam_cracklib author and the pam_pwdb author are the same. But he is wrong. With the SuSE pam_unix it works. The Author makes a second mistake: At the time he wrote that, there doesn't even exist a pam_unix module.
documentation in /usr/doc/packages/pam/html/ and read the section on the pam_unix module. It didnt mention the strict parameter.
On SuSE Linux 6.x there is no section about pam_unix, because I hadn't the time to write it. So I don't know where you read it. But there is /usr/doc/packages/pam/modules/README.pam_unix, and strict= is mentioned there. (And has a YaST option as you have seen).
As to why I'd like to use pwdb.... I'd like to support passwords longer than 8 characters.
You know that there are a lot of programs which does not support passwords longer than 8 characters and will core dump ? It's a common problem with some programs on RedHat 6.x if you enable md5 hashes.
I'd like to use the pam_limits module (ie set limits in /etc/security/limits.conf).
It is not the pwdb lib that I'm really interested in, but pam_pwdb.
What does pam_pwdb have to do with pam_limits ? Nothing. This is the advantage of PAM, you can stack every module you wish. If a author says it does only work with his own modules, it's a bug in a module which should be fixed.
kukuk@allen:/src > cat /etc/pam.d/login #%PAM-1.0 auth requisite /lib/security/pam_unix.so nullok #set_secrpc auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth required /lib/security/pam_env.so auth required /lib/security/pam_mail.so account required /lib/security/pam_unix.so password required /lib/security/pam_unix.so strict=true session required /lib/security/pam_unix.so debug # none or trace session required /lib/security/pam_limits.so ^^^^^^^^^^^^^^^^^^^^^^^^^^^
It is already in our PAM configuration for login. And it works without pam_pwdb.
Yep I see this. The Pam sys admin guide (in ../doc/pam/html) says pam_limits needs limits.conf and pwdb...guess this isnt true at all.
If you could epxlain to me how to enable long passwords with or without it, it would be much appreciated.
Since yesterday my pam_unix can handle bigcrypt (16 character passwords) and md5 hashes. But it is not possible with the version on SuSE Linux 6.3 yet.
This sounds great. I dont know anything about md5 hashes (although ive seen a lot of guides recommend redhat users to enable it), but will try to learn about it.
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@suse.de SuSE GmbH Schanzaeckerstr. 10 90443 Nuernberg Linux is like a Vorlon. It is incredibly powerful, gives terse, cryptic answers and has a lot of things going on in the background.
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (2)
-
kukuk@suse.de
-
nagash@ozemail.com.au