Date: Sun, 24 Jun 2007 00:53:51 +0400
From: gremlin@...mlin.ru
To: owl-users@...ts.openwall.com
Subject: Re: pam_passwdqc and history

On Sat, Jun 23, 2007 at 11:01:04AM -0600, Vincent Danen wrote:

 > Quick question. Does pam_passwdqc support password history?
 > Not just comparing the current password to the new password,
 > but seeing if it's similar to, say, any of the last 3
 > passwords a user used? Apparently some government/company
 > legislation/policies require history checking of current-N
 > passwords, and I'm wondering if passwdqc does this.

It does NOT and, I hope, never will - all these "password
history policies" require storing plaintext passwords somewhere,
which is absolutely unacceptable. The only possible check is
whether the new password is the same as the current one - it is
the only one which can be verified using the current password hash
(in that case the user can switch between two passwords, but it is
really safer to remember them than to write every new password down
somewhere).


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin
<gremlin at gremlin dot ru>
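
An added example, not part of the original message and not pam_passwdqc code: the same-as-current check mentioned in the reply, performed against the stored hash only. PBKDF2-HMAC-SHA256 and the `scheme$iterations$salt$digest` record layout are assumptions standing in for the system's crypt(3) hash, and the passwords are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this example


def make_record(password: str) -> str:
    """Build a stored record: scheme$iterations$salt_hex$digest_hex."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def matches_record(candidate: str, record: str) -> bool:
    """Re-hash the candidate with the record's own salt; compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2-sha256":
        raise ValueError(f"unsupported scheme: {scheme}")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def check_new_password(new_password: str, current_record: str) -> str:
    """Reject a new password only if it equals the current one."""
    if matches_record(new_password, current_record):
        return "rejected: same as current password"
    return "accepted"


if __name__ == "__main__":
    current = make_record("correct horse 7")  # constructed current password
    # Exact reuse is detected from the hash alone.
    print(check_new_password("correct horse 7", current))
    # A one-character variant passes: the comparison reports only
    # equal / not equal, never how close two passwords are.
    print(check_new_password("correct horse 8", current))
```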
