Home Man
Today's Posts

Linux & Unix Commands - Search Man Pages

OpenSolaris 2009.06 - man page for pam_authtok_check (opensolaris section 5)

pam_authtok_check(5)	       Standards, Environments, and Macros	     pam_authtok_check(5)

       pam_authtok_check - authentication and password management module


       pam_authtok_check provides functionality to the Password Management stack. The implementa-
       tion of pam_sm_chauthtok() performs a number of checks on the construction  of  the  newly
       entered	password.  pam_sm_chauthtok()  is  invoked  twice by the PAM framework, once with
       flags set to PAM_PRELIM_CHECK, and once with flags set to PAM_UPDATE_AUTHTOK. This  module
       only  performs  its  checks  during  the first invocation. This module expects the current
       authentication token in the PAM_OLDAUTHTOK item, the new (to be checked) password  in  the
       PAM_AUTHTOK  item,  and	the login name in the PAM_USER item. The checks performed by this
       module are:

       length		   The password length should not be less that the minimum  specified  in

       circular shift	   The	password  should  not be a circular shift of the login name. This
			   check may be disabled in /etc/default/passwd.

       complexity	   The password should contain at least the minimum number of  characters
			   described  by the parameters MINALPHA, MINNONALPHA, MINDIGIT, and MIN-
			   SPECIAL. Note that MINNONALPHA describes the same character classes as
			   MINDIGIT  and  MINSPECIAL  combined; therefore the user cannot specify
			   both MINNONALPHA and MINSPECIAL (or MINDIGIT). The  user  must  choose
			   which of the two options to use. Furthermore, the WHITESPACE parameter
			   determines whether whitespace characters are allowed.  If  unspecified
			   MINALPHA is 2, MINNONALPHA is 1 and WHITESPACE is yes

       variation	   The	old  and  new passwords must differ by at least the MINDIFF value
			   specified in /etc/default/passwd. If unspecified, the  default  is  3.
			   For accounts in name services which support password history checking,
			   if prior history is defined, the new password must not match the prior

       dictionary check    The password must not be based on a dictionary word. The list of words
			   to be used for the site's dictionary can be	specified  with  DICTION-
			   LIST.  It should contain a comma-separated list of filenames, one word
			   per line. The database that is created from these files is  stored  in
			   the	directory  named  by  DICTIONDBDIR (defaults to /var/passwd). See
			   mkpwdict(1M) for information on pre-generating the database.  If  nei-
			   ther DICTIONLIST nor DICTIONDBDIR is specified, no dictionary check is

       upper/lower case    The password must contain at least the minimum of  upper-  and  lower-
			   case  letters  specified  by  the  MINUPPER	and  MINLOWER  values  in
			   /etc/default/passwd. If unspecified, the defaults are 0.

       maximum repeats	   The password must not contain more consecutively repeating  characters
			   than  specified  by	the  MAXREPEATS  value in /etc/default/passwd. If
			   unspecified, no repeat character check is made.

       The following option may be passed to the module:

       force_check    If the PAM_NO_AUTHTOK_CHECK flag set, force_check ignores  this  flag.  The
		      PAM_NO_AUTHTOK_CHECK  flag  can  be  set	to  bypass  password  checks (see

       debug	      syslog(3C) debugging information at the LOG_DEBUG level

       If the password in PAM_AUTHTOK passes all tests, PAM_SUCCESS is returned. If  any  of  the
       tests fail, PAM_AUTHTOK_ERR is returned.

       /etc/default/passwd    See passwd(1) for a description of the contents.

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       |Interface Stability	     |Evolving			   |
       |MT Level		     |MT-Safe with exceptions	   |

       passwd(1),   pam(3PAM),	 mkpwdict(1M),	 pam_chauthtok(3PAM),  syslog(3C),  libpam(3LIB),
       pam.conf(4),   passwd(4),   shadow(4),	attributes(5),	 pam_authtok_get(5),	pam_auth-
       tok_store(5),  pam_dhkeys(5),  pam_passwd_auth(5),  pam_unix_account(5), pam_unix_auth(5),

       The interfaces in libpam(3LIB) are MT-Safe only if each thread within  the  multi-threaded
       application uses its own PAM handle.

       The  pam_unix(5)  module  is  no  longer  supported.  Similar functionality is provided by
       pam_authtok_check(5),	 pam_authtok_get(5),	 pam_authtok_store(5),	   pam_dhkeys(5),
       pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

SunOS 5.11				    1 Mar 2005			     pam_authtok_check(5)

All times are GMT -4. The time now is 11:14 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
Show Password