|
Standards, Environments, and Macros | pam_authtok_check(5) |
| pam_authtok_check - authentication and password management module |
SYNOPSIS
|
pam_authtok_check provides functionality to the Password Management stack. The implementation of pam_sm_chauthtok(), performs a number of checks on the construction of the newly entered password. pam_sm_chauthtok() is invoked twice by the
PAM framework, once with flags set to PAM_PRELIM_CHECK, and once with flags set to PAM_UPDATE_AUTHTOK. This module only performs its checks during the first invocation. This module expects the current authentication token in the PAM_OLDAUTHTOK item,
the new (to be checked) password in the PAM_AUTHTOK item, and the login name in the PAM_USER item. The checks performed by this module are:
- length
- The password length should not be less that the minimum specified in /etc/default/passwd.
- circular shift
- The password should not be a circular shift of the login name.
- complexity
- The password should contain at least two alpha characters and one numeric or special character.
- variation
- The old and new passwords must differ by at least three positions.
The following option may be passed to the module:
- debug
-
syslog(3C) debugging information at the LOG_DEBUG level
|
|
If the password in PAM_AUTHTOK passes all tests, PAM_SUCCESS is returned. If any of the tests fail, PAM_AUTHTOK_ERR is returned.
|
|
- /etc/default/passwd
- Contains the value for PASSLENGTH, the default minimal password length.
|
|
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Interface Stability | Evolving |
MT Level | MT-Safe with exceptions |
|
|
passwd(1), pam(3PAM), pam_chauthtok(3PAM), syslog(3C), libpam(3LIB), pam.conf(4), attributes(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)
|
| |