I have a small challenge and would appreciate any guidance… I have been required to determine the length of a new password during a RHEL6 password change.

I have modified the PAM source code, by adding an “if” statement in /modules/pam_unix/pam_unix_password.c (shown below) to do this after the password has been changed.

This “if” statement works perfectly when the password is changed from the login screen.  BUT, if I run the “passwd” command from a terminal window, the statement does not appear to run at all. Can you please help me understand why?


```c
static int _pam_unix_approve_pass(pam_handle_t * pamh
                                  ,unsigned int ctrl
                                  ,const char *pass_old
                                  ,const char *pass_new)
{
    const void *user;
    const char *remark = NULL;
    int retval = PAM_SUCCESS;

    D(("&new=%p, &old=%p", pass_old, pass_new));
    D(("new=[%s]", pass_new));
    D(("old=[%s]", pass_old));

    if (pass_new == NULL || (pass_old && !strcmp(pass_old, pass_new))) {
        if (on(UNIX_DEBUG, ctrl)) {
            pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
        }
        _make_remark(pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
            _("No password supplied") : _("Password unchanged"));
        return PAM_AUTHTOK_ERR;
    }
    /*
     * if one wanted to hardwire authentication token strength
     * checking this would be the place - AGM
     */

    retval = pam_get_item(pamh, PAM_USER, &user);
    if (retval != PAM_SUCCESS) {
        if (on(UNIX_DEBUG, ctrl)) {
            pam_syslog(pamh, LOG_ERR, "Can not get username");
            return PAM_AUTHTOK_ERR;
        }
    }
    if (off(UNIX__IAMROOT, ctrl)) {
        if (strlen(pass_new) < 6)
            remark = _("You must choose a longer password");
        D(("length check [%s]", remark));

        //added the 13 character password check
        if (strlen(pass_new) >= 13)
            system("echo 13char > /tmp/Password_length.text");

        if (on(UNIX_REMEMBER_PASSWD, ctrl)) {
            if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR)
                remark = _("Password has been already used. Choose another.");
            if (retval == PAM_ABORT) {
                pam_syslog(pamh, LOG_ERR, "can't open %s file to check old passwords",
                    OLD_PASSWORDS_FILE);
                return retval;
            }
        }
    }
```


Thank you,

Stephanie Formica
Enroute Computer Solutions
FDIO - Second Level Support
Phone: (609) 485-4077


