pam_unix.so options

Zach uid000 at gmail.com
Thu Nov 17 00:21:11 UTC 2005 

I was thinking the same thing, so I messed around in it's source
earlier today to try and get a handle on what the various options are
and what they do.

the options obsure, min=, and max= are not documented in the source
README.  They also are not in support.h, where the many of the options
are #defined.

Searching google for "pam_unix.so obscure" turns up lots of instances
of the line:
"pam_unix.so nullok obscure min=4 max=8" but not accompanied by any
explanation of the options.  I wonder if these are legacy options that
no longer function yet everybody does it this way because everybody
does it this way.  I kind of think for Ubuntu this is a carryover from
Debian, and doesn't have a specific reason.

If min=4 and max=8 do what it naturally seems like they would do, I
can't imagine why we would have it configured that way by default. 
Yet, an 8 character password hashes to something different than a 9
character one, so either my guess is wrong, or they don't function.

As far as 'obscure' I can only guess it is intended to impose some
sort of complexity requirement on passwords, but without
documentation, it's impossible to say for sure.


On 11/16/05, Scott Henson <scotth at csee.wvu.edu> wrote:
> Zach wrote:
>
> >Hi,
> >
> >I posted this question a while back, but didn't get much response.
> >
> >Can anyone point me to documentation on the options to pam_unix.so?
> >Specifically, I'm looking for details on the "obscure" option as well
> >as the "min" and "max" options, both of which are used in Ubuntu's
> >pam.d passwd config file.
> >
> >I've checked the pam system administrator's guide,
> >http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html,
> >which is dated 2002, and these options are not documented there.  Also
> >there does not appear to be a man page for pam_unix.so.  I've checked
> >the Linux Documentation Project, and while there is a howto on user
> >authentication, it doesn't go into the various options to this module.
> >
> >
>
> Pam have never really been well documented, at least as far as Ive been
> able to find.  There is some basic documentation in a pam doc package
> that you can install, but I'm pretty sure its the same as what you found
> on kernel.org.  Beyond that, all you really have is the source.  Its
> unfortunate, but I find myself going to the source a lot when dealing
> with pam.  Its especially cute when the documentation says one thing and
> you bang your head against the configuration files for a while before
> looking at the source and finding out that the documentation is just
> wrong.
>
> Pam is really good, but unfortunately it can be really obscure.  I would
> suggest only messing around with its configurations if you really need
> to and you really understand what your doing.  You can introduce some
> very hard to diagnose problems by messing around with it.
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> http://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>


--
If you reply to a message I posted to a mailing list,
and you want me to see your reply, be sure to put my
address in the 'To:', or I might not see the message.

More information about the ubuntu-users mailing list