mkpwdict(1M) System Administration Commands mkpwdict(1M)
NAME
mkpwdict - maintain password-strength checking database
SYNOPSIS
/usr/sbin/mkpwdict [-s dict1,... ,dictN] [-d destination-path]
DESCRIPTION
The mkpwdict command adds words to the dictionary-lookup database used by pam_authtok_check(5) and passwd(1).
Files containing words to be added to the database can be specified on the command-line using the -s flag. These source files should have a
single word per line, much like /usr/share/lib/dict/words.
If -s is omitted, mkpwdict will use the value of DICTIONLIST specified in /etc/default/passwd (see passwd(1)).
The database is created in the directory specified by the -d option. If this option is omitted, mkpwdict uses the value of DICTIONDBDIR
specified in /etc/default/passwd (see passwd(1)). The default location is /var/passwd.
OPTIONS
The following options are supported:
-s
Specifies a comma-separated list of files containing words to be added to the dictionary-lookup database.
-d
Specifies the target location of the dictionary-database.
FILES
/etc/default/passwd
See passwd(1).
/var/passwd
default destination directory
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
|       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
+-----------------------------+-----------------------------+
|Availability                 |SUNWcsu                      |
+-----------------------------+-----------------------------+
|Interface Stability          |Evolving                     |
+-----------------------------+-----------------------------+
SEE ALSO
passwd(1), attributes(5), pam_authtok_check(5)
SunOS 5.10 1 Jun 2004 mkpwdict(1M)
pam_authtok_check(5) Standards, Environments, and Macros pam_authtok_check(5)
NAME
pam_authtok_check - authentication and password management module
SYNOPSIS
pam_authtok_check.so.1
DESCRIPTION
pam_authtok_check provides functionality to the Password Management stack. The implementation of pam_sm_chauthtok() performs a number of
checks on the construction of the newly entered password. pam_sm_chauthtok() is invoked twice by the PAM framework, once with flags set to
PAM_PRELIM_CHECK, and once with flags set to PAM_UPDATE_AUTHTOK. This module only performs its checks during the first invocation. This
module expects the current authentication token in the PAM_OLDAUTHTOK item, the new (to be checked) password in the PAM_AUTHTOK item, and
the login name in the PAM_USER item. The checks performed by this module are:
length
The password length should not be less than the minimum specified in /etc/default/passwd.
circular shift
The password should not be a circular shift of the login name. This check may be disabled in /etc/default/passwd.
complexity
The password should contain at least the minimum number of characters described by the parameters MINALPHA, MINNONALPHA, MINDIGIT, and MINSPECIAL. Note that MINNONALPHA describes the same character classes as MINDIGIT and MINSPECIAL combined; therefore the user cannot specify both MINNONALPHA and MINSPECIAL (or MINDIGIT). The user must choose which of the two options to use. Furthermore, the WHITESPACE parameter determines whether whitespace characters are allowed. If unspecified, MINALPHA is 2, MINNONALPHA is 1 and WHITESPACE is yes.
variation
The old and new passwords must differ by at least the MINDIFF value specified in /etc/default/passwd. If unspecified, the default is 3. For accounts in name services which support password history checking, if prior history is defined, the new password must not match the prior passwords.
dictionary check
The password must not be based on a dictionary word. The list of words to be used for the site's dictionary can be specified with DICTIONLIST. It should contain a comma-separated list of filenames, one word per line. The database that is created from these files is stored in the directory named by DICTIONDBDIR (defaults to /var/passwd). See mkpwdict(1M) for information on pre-generating the database. If neither DICTIONLIST nor DICTIONDBDIR is specified, no dictionary check is made.
upper/lower case
The password must contain at least the minimum of upper- and lower-case letters specified by the MINUPPER and MINLOWER values in /etc/default/passwd. If unspecified, the defaults are 0.
maximum repeats
The password must not contain more consecutively repeating characters than specified by the MAXREPEATS value in /etc/default/passwd. If unspecified, no repeat character check is made.
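The following C sketch is an added illustration of the length, circular shift, complexity and maximum repeats checks as this page describes them; it is not the Solaris module's source. The struct, enum and function names are hypothetical, and the case-insensitive rotation compare, the treatment of whitespace as neither alpha nor non-alpha, and the sample length and repeat limits are assumptions.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical policy struct; fields mirror the parameters described above. */
struct pw_policy {
    int minlen;       /* minimum length from /etc/default/passwd */
    int minalpha;     /* MINALPHA (default 2) */
    int minnonalpha;  /* MINNONALPHA (default 1) */
    int whitespace;   /* WHITESPACE: 1 = yes (default), 0 = no */
    int maxrepeats;   /* MAXREPEATS: 0 = unspecified, no check */
};
/* Constructed sample: minlen 6 and maxrepeats 3 are illustrative values. */
const struct pw_policy sample_policy = { 6, 2, 1, 1, 3 };

/* PW_OK corresponds to PAM_SUCCESS; every other value to PAM_AUTHTOK_ERR. */
enum pw_result { PW_OK, PW_TOO_SHORT, PW_CIRCULAR, PW_WHITESPACE, PW_COMPLEXITY, PW_REPEATS };

/* Returns 1 if pw is a rotation of user (case-insensitive: an assumption). */
static int is_circular_shift(const char *user, const char *pw)
{
    size_t n = strlen(user);
    if (n == 0 || n != strlen(pw)) return 0;
    for (size_t k = 0; k < n; k++) {
        size_t i = 0;
        while (i < n && tolower((unsigned char)pw[i]) ==
                        tolower((unsigned char)user[(i + k) % n])) i++;
        if (i == n) return 1;
    }
    return 0;
}

/* One pass collects class counts and the longest run of identical characters. */
enum pw_result check_password(const struct pw_policy *p, const char *user, const char *pw)
{
    int alpha = 0, nonalpha = 0, space = 0, run = 0, maxrun = 0;
    size_t len = strlen(pw);
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)pw[i];
        if (isalpha(c)) alpha++;
        else if (isspace(c)) space++;   /* assumption: not counted as non-alpha */
        else nonalpha++;                /* digits and special characters */
        run = (i > 0 && pw[i] == pw[i - 1]) ? run + 1 : 1;
        if (run > maxrun) maxrun = run;
    }
    if ((int)len < p->minlen) return PW_TOO_SHORT;
    if (is_circular_shift(user, pw)) return PW_CIRCULAR;
    if (!p->whitespace && space > 0) return PW_WHITESPACE;
    if (alpha < p->minalpha || nonalpha < p->minnonalpha) return PW_COMPLEXITY;
    if (p->maxrepeats > 0 && maxrun > p->maxrepeats) return PW_REPEATS;
    return PW_OK;
}
```
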
The following option may be passed to the module:
debug
syslog(3C) debugging information at the LOG_DEBUG level
RETURN VALUES
If the password in PAM_AUTHTOK passes all tests, PAM_SUCCESS is returned. If any of the tests fail, PAM_AUTHTOK_ERR is returned.
FILES
/etc/default/passwd See passwd(1) for a description of the contents.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
|       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
+-----------------------------+-----------------------------+
|Interface Stability          |Evolving                     |
+-----------------------------+-----------------------------+
|MT Level                     |MT-Safe with exceptions      |
+-----------------------------+-----------------------------+
SEE ALSO
passwd(1), pam(3PAM), mkpwdict(1M), pam_chauthtok(3PAM), syslog(3C), libpam(3LIB), pam.conf(4), passwd(4), shadow(4), attributes(5),
pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)
NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
The pam_unix(5) module is no longer supported. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5),
pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).
SunOS 5.10 4 Jun 2004 pam_authtok_check(5)