Re: pam.d common-passwd: obscure option includes "similar" but is vague
Hello,

On Thu, Mar 23, 2006 at 11:36:05AM -0800, [EMAIL PROTECTED] wrote:
>
> in /etc/pam.d/common-password there is:
>
> password required pam_unix.so nullok obscure min=4 max=8 md5

I've just noticed that the obscure option doesn't work (#358697)

> Does anyone know what is the exact definition of
> "similar"? Exactly how many characters must not be similar between the
> old and new passwords to satisfy this requirement?

A password is "similar" if the new password has less than 8 characters,
and more than half of the characters were also used in the old
password.

> Does anyone know the exact definition of "simple"? From manual testing
> it appears that the password cannot be a dictionary word, but beyond
> that it can consist of all lower-case letters only.

Maybe the dictionary check comes from a pam_cracklib line.

The "simple" check checks the length of the password. The password must
be at least 8 characters long if it uses only characters from one type
(digits, upper case, lower case, other), at least 7 characters long if
it uses characters from two of these types, and so on.

Kind Regards,
--
Nekral

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
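The "similar" and "simple" rules as worded in the reply above, written out as an added example that is not part of the thread and is not pam_unix source code. It shows why an 8-character all-lower-case password passes "simple" while a 5-character one does not. Assumptions: the function names are hypothetical, "and so on" is read as 6 characters for three types and 5 for four, and "half" is measured against the new password's length.

```python
import string

def char_types(password):
    """Count how many of the four types (digit, upper, lower, other) appear."""
    kinds = set()
    for ch in password:
        if ch in string.digits:
            kinds.add("digit")
        elif ch in string.ascii_uppercase:
            kinds.add("upper")
        elif ch in string.ascii_lowercase:
            kinds.add("lower")
        else:
            kinds.add("other")
    return len(kinds)

def is_simple(new):
    """Too short for its character mix: 8 for one type, 7 for two, and so on."""
    # Assumption: "and so on" continues as 6 for three types and 5 for four.
    return len(new) < 9 - char_types(new)

def is_similar(old, new):
    """Shorter than 8 characters and more than half of them also occur in old."""
    if len(new) >= 8:
        return False
    # Assumption: "half" is measured against the new password's length.
    shared = sum(1 for ch in new if ch in old)
    return shared * 2 > len(new)

def obscure_failures(old, new):
    """Return the names of the described checks that reject `new`."""
    failures = []
    if is_similar(old, new):
        failures.append("similar")
    if is_simple(new):
        failures.append("simple")
    return failures

# Constructed sample passwords, not taken from the thread.
if __name__ == "__main__":
    for old, new in [("secret12", "secret9"), ("secret12", "plumbing"),
                     ("secret12", "Xk4!q"), ("secret12", "zebra")]:
        print(old, new, obscure_failures(old, new))
```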
pam.d common-passwd: obscure option includes "similar" but is vague
in /etc/pam.d/common-password there is:

    password required pam_unix.so nullok obscure min=4 max=8 md5

reading /usr/share/doc/libpam-doc/txt/pam.txt.gz to find the definition
of "obscure":

    Palindrome: Is the new password a palindrome of the old one? A
    palindrome is where the words read the same backwards and forwards
    (eg. madam and radar).

    Case Change Only: Is the new password the old one with only a
    change of case?

    Similar: Is the new password too much like the old one?

    Simple: Is the new password too small? This is based on the length
    of the password and the number of different types of characters
    used (i.e. alpha, numeric...).

    Rotated: Is the new password a rotated version of the old password
    (eg. "billy" and "illyb")?

Does anyone know what is the exact definition of "similar"? Exactly how
many characters must not be similar between the old and new passwords to
satisfy this requirement?

Does anyone know the exact definition of "simple"? From manual testing
it appears that the password cannot be a dictionary word, but beyond
that it can consist of all lower-case letters only. This does not seem
to agree with the definition in the doc. Also it's not clear why the
definition mentions length of password since that is provided by the
min= parameter.