pam_unix.so options
Zach
uid000 at gmail.com
Thu Nov 17 00:21:11 UTC 2005
I was thinking the same thing, so I messed around in it's source
earlier today to try and get a handle on what the various options are
and what they do.
the options obsure, min=, and max= are not documented in the source
README. They also are not in support.h, where the many of the options
are #defined.
Searching google for "pam_unix.so obscure" turns up lots of instances
of the line:
"pam_unix.so nullok obscure min=4 max=8" but not accompanied by any
explanation of the options. I wonder if these are legacy options that
no longer function yet everybody does it this way because everybody
does it this way. I kind of think for Ubuntu this is a carryover from
Debian, and doesn't have a specific reason.
If min=4 and max=8 do what it naturally seems like they would do, I
can't imagine why we would have it configured that way by default.
Yet, an 8 character password hashes to something different than a 9
character one, so either my guess is wrong, or they don't function.
As far as 'obscure' I can only guess it is intended to impose some
sort of complexity requirement on passwords, but without
documentation, it's impossible to say for sure.
On 11/16/05, Scott Henson <scotth at csee.wvu.edu> wrote:
> Zach wrote:
>
> >Hi,
> >
> >I posted this question a while back, but didn't get much response.
> >
> >Can anyone point me to documentation on the options to pam_unix.so?
> >Specifically, I'm looking for details on the "obscure" option as well
> >as the "min" and "max" options, both of which are used in Ubuntu's
> >pam.d passwd config file.
> >
> >I've checked the pam system administrator's guide,
> >http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html,
> >which is dated 2002, and these options are not documented there. Also
> >there does not appear to be a man page for pam_unix.so. I've checked
> >the Linux Documentation Project, and while there is a howto on user
> >authentication, it doesn't go into the various options to this module.
> >
> >
>
> Pam have never really been well documented, at least as far as Ive been
> able to find. There is some basic documentation in a pam doc package
> that you can install, but I'm pretty sure its the same as what you found
> on kernel.org. Beyond that, all you really have is the source. Its
> unfortunate, but I find myself going to the source a lot when dealing
> with pam. Its especially cute when the documentation says one thing and
> you bang your head against the configuration files for a while before
> looking at the source and finding out that the documentation is just
> wrong.
>
> Pam is really good, but unfortunately it can be really obscure. I would
> suggest only messing around with its configurations if you really need
> to and you really understand what your doing. You can introduce some
> very hard to diagnose problems by messing around with it.
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> http://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
--
If you reply to a message I posted to a mailing list,
and you want me to see your reply, be sure to put my
address in the 'To:', or I might not see the message.
More information about the ubuntu-users
mailing list