|
Hopefully, this page is exactly what you are looking for, but if not, you can always find further assistance on Unix/Linux Forum!
Standards, Environments, and Macros pam_authtok_check(5)
NAME
pam_authtok_check - authentication and password management
module
SYNOPSIS
pam_authtok_check.so.1
DESCRIPTION
pam_authtok_check provides functionality to the Password
Management stack. The implementation of pam_sm_chauthtok()
performs a number of checks on the construction of the newly
entered password. pam_sm_chauthtok() is invoked twice by the
PAM framework, once with flags set to PAM_PRELIM_CHECK, and
once with flags set to PAM_UPDATE_AUTHTOK. This module only
performs its checks during the first invocation. This module
expects the current authentication token in the
PAM_OLDAUTHTOK item, the new (to be checked) password in the
PAM_AUTHTOK item, and the login name in the PAM_USER item.
The checks performed by this module are:
length The password length should not be less that
the minimum specified in
/etc/default/passwd.
circular shift The password should not be a circular shift
of the login name. This check may be dis-
abled in /etc/default/passwd.
complexity The password should contain at least the
minimum number of characters described by
the parameters MINALPHA, MINNONALPHA, MINDI-
GIT, and MINSPECIAL. Note that MINNONALPHA
describes the same character classes as MIN-
DIGIT and MINSPECIAL combined; therefore the
user cannot specify both MINNONALPHA and
MINSPECIAL (or MINDIGIT). The user must
choose which of the two options to use.
Furthermore, the WHITESPACE parameter deter-
mines whether whitespace characters are
allowed. If unspecified MINALPHA is 2, MIN-
NONALPHA is 1 and WHITESPACE is yes
variation The old and new passwords must differ by at
least the MINDIFF value specified in
/etc/default/passwd. If unspecified, the
default is 3. For accounts in name services
SunOS 5.10 Last change: 4 Jun 2004 1
Standards, Environments, and Macros pam_authtok_check(5)
which support password history checking, if
prior history is defined, the new password
must not match the prior passwords.
dictionary checkThe password must not be based on a diction-
ary word. The list of words to be used for
the site's dictionary can be specified with
DICTIONLIST. It should contain a comma-
separated list of filenames, one word per
line. The database that is created from
these files is stored in the directory named
by DICTIONDBDIR (defaults to /var/passwd).
See mkpwdict(1M) for information on pre-
generating the database. If neither DICTION-
LIST nor DICTIONDBDIR is specified, no dic-
tionary check is made.
upper/lower caseThe password must contain at least the
minimum of upper- and lower-case letters
specified by the MINUPPER and MINLOWER
values in /etc/default/passwd. If unspeci-
fied, the defaults are 0.
maximum repeats The password must not contain more consecu-
tively repeating characters than specified
by the MAXREPEATS value in
/etc/default/passwd. If unspecified, no
repeat character check is made.
The following option may be passed to the module:
debug syslog(3C) debugging information at the
LOG_DEBUG level
RETURN VALUES
If the password in PAM_AUTHTOK passes all tests, PAM_SUCCESS
is returned. If any of the tests fail, PAM_AUTHTOK_ERR is
returned.
FILES
/etc/default/passwd See passwd(1) for a description of
the contents.
SunOS 5.10 Last change: 4 Jun 2004 2
Standards, Environments, and Macros pam_authtok_check(5)
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Interface Stability | Evolving |
|_____________________________|_____________________________|
| MT Level | MT-Safe with exceptions |
|_____________________________|_____________________________|
SEE ALSO
passwd(1), pam(3PAM), mkpwdict(1M), pam_chauthtok(3PAM),
syslog(3C), libpam(3LIB), pam.conf(4), passwd(4), shadow(4),
attributes(5), pam_authtok_get(5), pam_authtok_store(5),
pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5),
pam_unix_auth(5), pam_unix_session(5)
NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each
thread within the multi-threaded application uses its own
PAM handle.
The pam_unix(5) module is no longer supported. Similar func-
tionality is provided by pam_authtok_check(5),
pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5),
pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5),
and pam_unix_session(5).
SunOS 5.10 Last change: 4 Jun 2004 3
Man(1) output converted with
man2html and wrapped by fishsponge
This page was generated on Wed Sep 12 11:27:54 GMT 2007
|
Your favourite pages:
No pages logged yet.
Trying to save cookie... Top 10 most popular pages:
sqlite3 man page (5334 hits)
(openSUSE 10.2)
svn man page (5208 hits)
(FreeBSD 6.2)
adv_cap_autoneg man page (4870 hits)
(Solaris 10 11_06)
CPAN man page (4607 hits)
(Suse Linux 10.1)
ssh man page (4342 hits)
(Suse Linux 10.1)
ssh-socks5-proxy-connect man page (2877 hits)
(Solaris 10 11_06)
netcat man page (2717 hits)
(Suse Linux 10.1)
pprosetup man page (2488 hits)
(Solaris 10 11_06)
startproc man page (2471 hits)
(Suse Linux 10.1)
signal man page (2407 hits)
(Suse Linux 10.1)
|
Man Pages 
