Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: password complexity check
Operating Systems Solaris password complexity check Post 302087045 by pressy on Tuesday 29th of August 2006 01:30:09 PM
Old 08-29-2006
look into your /etc/default/passwd, there you will find these things...

Code:
# more /etc/default/passwd

#ident  "@(#)passwd.dfl 1.7     04/04/22 SMI"
#
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
MAXWEEKS=
MINWEEKS=
PASSLENGTH=6

# NAMECHECK enables/disables login name checking.
# The default is to do login name checking.
# Specifying a value of "NO" will disable login name checking.
#
#NAMECHECK=NO

# HISTORY sets the number of prior password changes to keep and
# check for a user when changing passwords.  Setting the HISTORY
# value to zero (0), or removing/commenting out the flag will
# cause all users' prior password history to be discarded at the
# next password change by any user.  No password history will
# be checked if the flag is not present or has zero value.
# The maximum value of HISTORY is 26.
#
# This flag is only enforced for user accounts defined in the
# local passwd(4)/shadow(4) files.
#
#HISTORY=0
#
# Password complexity tunables.  The values listed are the defaults
# which are compatible with previous releases of passwd.
# See passwd(1) and pam_authtok_check(5) for use warnings and
# discussion of the use of these options.
#
#MINDIFF=3
#MINALPHA=2
#MINNONALPHA=1
#MINUPPER=0
#MINLOWER=0
#MAXREPEATS=0
#MINSPECIAL=0
#MINDIGIT=0
#WHITESPACE=YES
#
#
# passwd performs dictionary lookups if DICTIONLIST or DICTIONDBDIR
# is defined. If the password database does not yet exist, it is
# created by passwd. See passwd(1), pam_authtok_check(5) and
# mkdict(1) for more information.
#
#DICTIONLIST=
#DICTIONDBDIR=/var/passwd

regards pressy
 

10 More Discussions You Might Find Interesting

1. Programming

check root password

hai Friends How can i check the root password of a linux system using a c program or with some shell script... I have seen many tools like webmin that authenticates the user using the root password... How do they do that... Pls help... Thanks in advance Collins (1 Reply)
Discussion started by: collins
1 Replies

2. UNIX for Dummies Questions & Answers

password check

Hi While using Pipe concept ,if a user enters a "login name" and "paswword" ,then how does a child process check for user password is correct or not and give notification to parent process. (1 Reply)
Discussion started by: riya
1 Replies

3. Shell Programming and Scripting

Check password age

Hi Guys, I hope one of you has already done this and is kind enough to share your script with me. I have a Solaris8 server that uses password aging for its local user accounts. I need a script that checks the age of the password and then sends the user an email if the password is about to... (3 Replies)
Discussion started by: Tornado
3 Replies

4. AIX

How to check password expiry in AIX?

Hi All, Could anyone please help me with the command or script for checking the password expiry for a particular userid on AIX. Regards, Sanjay...:) (5 Replies)
Discussion started by: SanjayPasum
5 Replies

5. Shell Programming and Scripting

How can I check that a password is correct?

Hi there, There's something I don't understand. The same string does not give the same md5 hash everytime. I wanted to find a way to check someone's password but the following script obviously shows that it's not possible that way : ks354286:~# user=foo ks354286:~# pw=$(mkpasswd -H md5... (3 Replies)
Discussion started by: chebarbudo
3 Replies

6. UNIX for Dummies Questions & Answers

Check password strength

For moderator: I made a new thread in a proper part of the forum now https://www.unix.com/homework-coursework-questions/137119-user-processes.html But now i wan't to make something which isn't related to a homework, so i hope you won't close this one. Thanks to those two answers, you helped me!... (9 Replies)
Discussion started by: petel1
9 Replies

7. Solaris

Check when password expires

How do I check to see when a password expires on a user account with using the CLI? (1 Reply)
Discussion started by: jastanle84
1 Replies

8. Shell Programming and Scripting

how to check for valid password

I need to check if an account has a valid password. Would something like this work? read ACCNAME if grep -q "^$ACCNAME:\$6:" /etc/shadow; thenI noticed every entry in my shadow file that has a password starts with $6 ... it works for my current setup, but would it always work? I can't test... (4 Replies)
Discussion started by: ADay2Long
4 Replies

9. SuSE

Setting password complexity

Hi, I am setting password complexity in SLES 11. I am able to do most of things pam-config -d --pwcheck pam-config -a --cracklib pam-config -a --cracklib-minlen=8 pam-config -a --cracklib-dcredit=-1 pam-config -a --cracklib-ocredit=-1 pam-config -a --pwhistory pam-config -a... (1 Reply)
Discussion started by: solaris_1977
1 Replies

10. Solaris

Solaris 10 - password complexity not working

I have been trying to enable password complexity variables on Solaris 10 by editing the /etc/default/passwd file but none of my changes are taking effect (I'm still able to set passwords that violate the rules I am trying to implement). I've tried an O/S reboot after the changes but that had no... (6 Replies)
Discussion started by: triggerhippie
6 Replies

LEARN ABOUT SUNOS

pam_authtok_check

pam_authtok_check(5)					Standards, Environments, and Macros				      pam_authtok_check(5)

NAME

       pam_authtok_check - authentication and password management module

SYNOPSIS

       pam_authtok_check.so.1

DESCRIPTION

       pam_authtok_check  provides  functionality  to the Password Management stack. The implementation of pam_sm_chauthtok() performs a number of
       checks on the construction of the newly entered password. pam_sm_chauthtok() is invoked twice by the PAM framework, once with flags set	to
       PAM_PRELIM_CHECK,  and  once  with  flags set to PAM_UPDATE_AUTHTOK. This module only performs its checks during the first invocation. This
       module expects the current authentication token in the PAM_OLDAUTHTOK item, the new (to be checked) password in the PAM_AUTHTOK	item,  and
       the login name in the PAM_USER item. The checks performed by this module are:

       length	       The password length should not be less that the minimum specified in /etc/default/passwd.

       circular shift  The password should not be a circular shift of the login name. This check may be disabled in /etc/default/passwd.

       complexity      The  password  should  contain at least the minimum number of characters described by the parameters MINALPHA, MINNONALPHA,
		       MINDIGIT, and MINSPECIAL. Note that MINNONALPHA describes the same character classes as MINDIGIT and  MINSPECIAL  combined;
		       therefore  the  user  cannot  specify  both MINNONALPHA and MINSPECIAL (or MINDIGIT). The user must choose which of the two
		       options to use. Furthermore, the WHITESPACE parameter determines whether whitespace characters are allowed. If  unspecified
		       MINALPHA is 2, MINNONALPHA is 1 and WHITESPACE is yes

       variation       The  old  and new passwords must differ by at least the MINDIFF value specified in /etc/default/passwd. If unspecified, the
		       default is 3. For accounts in name services which support password history checking, if prior history is defined,  the  new
		       password must not match the prior passwords.

       dictionary checkThe  password  must not be based on a dictionary word. The list of words to be used for the site's dictionary can be speci-
		       fied with DICTIONLIST. It should contain a comma-separated list of filenames, one word per line. The database that is  cre-
		       ated  from  these  files  is  stored in the directory named by DICTIONDBDIR (defaults to /var/passwd). See mkpwdict(1M) for
		       information on pre-generating the database. If neither DICTIONLIST nor DICTIONDBDIR is specified, no  dictionary  check	is
		       made.

       upper/lower caseThe password must contain at least the minimum of upper- and lower-case letters specified by the MINUPPER and MINLOWER val-
		       ues in /etc/default/passwd. If unspecified, the defaults are 0.

       maximum repeats The password must not  contain  more  consecutively  repeating  characters  than  specified  by	the  MAXREPEATS  value	in
		       /etc/default/passwd. If unspecified, no repeat character check is made.

       The following option may be passed to the module:

       debug	       syslog(3C) debugging information at the LOG_DEBUG level

RETURN VALUES

       If the password in PAM_AUTHTOK passes all tests, PAM_SUCCESS is returned. If any of the tests fail, PAM_AUTHTOK_ERR is returned.

FILES

       /etc/default/passwd     See passwd(1) for a description of the contents.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+
       |MT Level		     |MT-Safe with exceptions	   |
       +-----------------------------+-----------------------------+

SEE ALSO

       passwd(1),  pam(3PAM),  mkpwdict(1M),  pam_chauthtok(3PAM),  syslog(3C),  libpam(3LIB),	pam.conf(4),  passwd(4), shadow(4), attributes(5),
       pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)

NOTES

       The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

       The pam_unix(5) module is no longer supported. Similar functionality is provided  by  pam_authtok_check(5),  pam_authtok_get(5),  pam_auth-
       tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

SunOS 5.10							    4 Jun 2004						      pam_authtok_check(5)
All times are GMT -4. The time now is 09:25 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy