pam_unix.so options

Zach uid000 at gmail.com
Thu Nov 17 00:51:19 UTC 2005


I have to eat my words.  These options are found in the source,

specifically there is an obscure.c which checks for things like
palindromes (try changing your password to racecar).

Also greping for MIN an MAX in the modules source directory turns up a
number of hits as well.  Too bad it's not documented better.  I really
don't enjoy source-diving to try to get an answer to a simple
question.

On 11/16/05, Zach <uid000 at gmail.com> wrote:
> I was thinking the same thing, so I messed around in it's source
> earlier today to try and get a handle on what the various options are
> and what they do.
>
> the options obsure, min=, and max= are not documented in the source
> README.  They also are not in support.h, where the many of the options
> are #defined.
>
> Searching google for "pam_unix.so obscure" turns up lots of instances
> of the line:
> "pam_unix.so nullok obscure min=4 max=8" but not accompanied by any
> explanation of the options.  I wonder if these are legacy options that
> no longer function yet everybody does it this way because everybody
> does it this way.  I kind of think for Ubuntu this is a carryover from
> Debian, and doesn't have a specific reason.
>
> If min=4 and max=8 do what it naturally seems like they would do, I
> can't imagine why we would have it configured that way by default.
> Yet, an 8 character password hashes to something different than a 9
> character one, so either my guess is wrong, or they don't function.
>
> As far as 'obscure' I can only guess it is intended to impose some
> sort of complexity requirement on passwords, but without
> documentation, it's impossible to say for sure.
>
>
> On 11/16/05, Scott Henson <scotth at csee.wvu.edu> wrote:
> > Zach wrote:
> >
> > >Hi,
> > >
> > >I posted this question a while back, but didn't get much response.
> > >
> > >Can anyone point me to documentation on the options to pam_unix.so?
> > >Specifically, I'm looking for details on the "obscure" option as well
> > >as the "min" and "max" options, both of which are used in Ubuntu's
> > >pam.d passwd config file.
> > >
> > >I've checked the pam system administrator's guide,
> > >http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html,
> > >which is dated 2002, and these options are not documented there.  Also
> > >there does not appear to be a man page for pam_unix.so.  I've checked
> > >the Linux Documentation Project, and while there is a howto on user
> > >authentication, it doesn't go into the various options to this module.
> > >
> > >
> >
> > Pam have never really been well documented, at least as far as Ive been
> > able to find.  There is some basic documentation in a pam doc package
> > that you can install, but I'm pretty sure its the same as what you found
> > on kernel.org.  Beyond that, all you really have is the source.  Its
> > unfortunate, but I find myself going to the source a lot when dealing
> > with pam.  Its especially cute when the documentation says one thing and
> > you bang your head against the configuration files for a while before
> > looking at the source and finding out that the documentation is just
> > wrong.
> >
> > Pam is really good, but unfortunately it can be really obscure.  I would
> > suggest only messing around with its configurations if you really need
> > to and you really understand what your doing.  You can introduce some
> > very hard to diagnose problems by messing around with it.
> >
> > --
> > ubuntu-users mailing list
> > ubuntu-users at lists.ubuntu.com
> > http://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> >
>
>
> --
> If you reply to a message I posted to a mailing list,
> and you want me to see your reply, be sure to put my
> address in the 'To:', or I might not see the message.
>


--
If you reply to a message I posted to a mailing list,
and you want me to see your reply, be sure to put my
address in the 'To:', or I might not see the message.




More information about the ubuntu-users mailing list