I was wondering if anyone might be able to help me with a problem I am having. I compiled the pam_cracklib/cracklib for Solaris packages off of SourceForge, and got them working on both Solaris 8 & 9. My pam.conf looks like so for the passwd command: passwd auth required /usr/lib/security/pam_passwd_auth.so.1 other password requisite /usr/lib/security/pam_authtok_get.so.1 debug other password requisite /usr/lib/security/pam_cracklib.so use_authtok debug other password required /usr/lib/security/pam_authtok_store.so.1 try_first_pass debug I have also tried swapping pam_authtok_store.so.1 with the below library provided recently by Sun (an updated pam_unix allowing passwords of greater than 8 characters). other password required /usr/lib/security/pam_unix.so.1 try_first_pass The problem I see with cracklib: if a password passes the cracklib check (e.g. non-dictionary, non-gecos, etc.), it is will be accepted by the OS even if it does not conform to the Solaris requirement that it have at least one non-alpha character. E.g. sckurmep is accepted, when without cracklib in the PAM stack, it is rejected. (If I do not include "try_first_pass" or "use_first_pass" as an option to pam_authtok_store or pam_unix, the user is prompted twice for their old password and the new password.) Any suggestions appreciated. =Nadine= _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
