I have a small challenge and would appreciate any guidance… I have been required to determine the length of a new password during a RHEL6 password change. I have modified the PAM source code by adding an “if” statement in /modules/pam_unix/pam_unix_password.c (shown below) to do this after the password has been changed.
This “if” statement works perfectly when the password is changed from the login screen. BUT, if I run the “passwd” command from a terminal window, the statement does not appear to run at all. Can you please help me understand why?

    ...
    static int _pam_unix_approve_pass(pam_handle_t *pamh,
                                      unsigned int ctrl,
                                      const char *pass_old,
                                      const char *pass_new)
    {
        const void *user;
        const char *remark = NULL;
        int retval = PAM_SUCCESS;

        D(("&new=%p, &old=%p", pass_old, pass_new));
        D(("new=[%s]", pass_new));
        D(("old=[%s]", pass_old));

        if (pass_new == NULL || (pass_old && !strcmp(pass_old, pass_new))) {
            if (on(UNIX_DEBUG, ctrl)) {
                pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
            }
            _make_remark(pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
                         _("No password supplied") : _("Password unchanged"));
            return PAM_AUTHTOK_ERR;
        }
        /*
         * if one wanted to hardwire authentication token strength
         * checking this would be the place - AGM
         */

        retval = pam_get_item(pamh, PAM_USER, &user);
        if (retval != PAM_SUCCESS) {
            if (on(UNIX_DEBUG, ctrl)) {
                pam_syslog(pamh, LOG_ERR, "Can not get username");
                return PAM_AUTHTOK_ERR;
            }
        }
        if (off(UNIX__IAMROOT, ctrl)) {
            if (strlen(pass_new) < 6)
                remark = _("You must choose a longer password");
            D(("length check [%s]", remark));

            /* ******************************************* */
            //added the 13 character password check
            if (strlen(pass_new) >= 13)
                system("echo 13char > /tmp/Password_length.text");
            /* ******************************************* */

            if (on(UNIX_REMEMBER_PASSWD, ctrl)) {
                if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR)
                    remark = _("Password has been already used. Choose another.");
                if (retval == PAM_ABORT) {
                    pam_syslog(pamh, LOG_ERR,
                               "can't open %s file to check old passwords",
                               OLD_PASSWORDS_FILE);
                    return retval;
                }
            }
        }
    ...

Thank you,