Sun Microsystems, Inc.
spacerspacer
spacer   www.sun.com docs.sun.com | | |  
spacer
black dot
   
A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
    
 
Standards, Environments, and Macrospam_authtok_check(5)


NAME

 pam_authtok_check - authentication and password management module

SYNOPSIS

 
pam_authtok_check.so.1

DESCRIPTION

 

pam_authtok_check provides functionality to the Password Management stack. The implementation of pam_sm_chauthtok(), performs a number of checks on the construction of the newly entered password. pam_sm_chauthtok() is invoked twice by the PAM framework, once with flags set to PAM_PRELIM_CHECK, and once with flags set to PAM_UPDATE_AUTHTOK. This module only performs its checks during the first invocation. This module expects the current authentication token in the PAM_OLDAUTHTOK item, the new (to be checked) password in the PAM_AUTHTOK item, and the login name in the PAM_USER item. The checks performed by this module are:

length
The password length should not be less that the minimum specified in /etc/default/passwd.
circular shift
The password should not be a circular shift of the login name.
complexity
The password should contain at least two alpha characters and one numeric or special character.
variation
The old and new passwords must differ by at least three positions.

The following option may be passed to the module:

debug
syslog(3C) debugging information at the LOG_DEBUG level

RETURN VALUES

 

If the password in PAM_AUTHTOK passes all tests, PAM_SUCCESS is returned. If any of the tests fail, PAM_AUTHTOK_ERR is returned.

FILES

 
/etc/default/passwd
Contains the value for PASSLENGTH, the default minimal password length.

ATTRIBUTES

 

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPEATTRIBUTE VALUE
Interface StabilityEvolving
MT LevelMT-Safe with exceptions

SEE ALSO

 

passwd(1), pam(3PAM), pam_chauthtok(3PAM), syslog(3C), libpam(3LIB), pam.conf(4), attributes(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)

NOTES

 

The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

The pam_unix(5) module might not be supported in a future release. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).


SunOS 5.9Go To TopLast Changed 10 Dec 2001

 
      
      
Copyright 2002 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.