Chris, On Tue, Aug 24, 2004 at 02:03:27PM -0400, Adams, Chris M, CTR,, DMDCWEST wrote: > # Password management > # > other password requisite pam_passwdqc.so > min=disabled,disabled,di > sabled,disabled,8 max=8 passphrase=0 match=0 similar=deny random=0 > enforce=every > one retry=1 ask_oldauthtok=update check_oldauthtok > other password required pam_dhkeys.so.1 You should have stacked pam_passwdqc after pam_dhkeys, not before. And there should be no need for "ask_oldauthtok=update check_oldauthtok" on your recent/patched Solaris 8 (it's almost Solaris 9 in fact). Also, I'm not sure what you're trying to achieve with "match=0 similar=deny"? (This is not related to the problem at hand, but simply looks weird to me.) The settings which should work for your system are as follows: passwd auth required pam_passwd_auth.so.1 [...] other password required pam_dhkeys.so.1 other password requisite pam_passwdqc.so max=8 retry=1 other password required pam_authtok_store.so.1 -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
