Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 12 Mar 2012 19:56:20 +0000
From: "Zielinski, Bruce C" <bruce.c.zielinski@...o.com>
To: "passwdqc-users@...ts.openwall.com" <passwdqc-users@...ts.openwall.com>
Subject: RE: EXTERNAL: Re: Solaris issue...

First - thanks for getting back to me.  truss didn't show me anything useful.  I did find a solution after reading and re-interpreting the README file.
I changed the order of the pam commands to be the following:

other password required  pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_passwdqc.so min=disabled,disabled,disabled,disabled,14, similar=permit match=0 enforce=users use_authtoc
other password requisite pam_authtok_check.so.1
other password required  pam_authtok_store.so.1

I don't get the "pretty" you need upper, lower, number and special char header information, but NIS gets updated properly, the length is properly checked and the complexity enforces upper, lower, number and special. (by the way, I used the 1.0.5 version as I don't really need the "add-ons") Life is good!  I don't know if anyone else encountered this issue and if they found a different solution - but I'd be interested to know.

Again, Thanks!
Bruce

Bruce C. Zielinski, CISSP
Lockheed Martin
199 Borton Landing Road
Moorestown, NJ 08057
M/S 137-A114
bruce.c.zielinski@...o.com 
856-722-5072

-----Original Message-----
From: Solar Designer [mailto:solar@...nwall.com] 
Sent: Saturday, March 10, 2012 11:18 AM
To: passwdqc-users@...ts.openwall.com
Subject: EXTERNAL: Re: [passwdqc-users] Solaris issue...

Hello Bruce,

I'm sorry for the delayed response, although FYI it is quite typical
that I respond to non-urgent messages with a delay of a few days.

On Wed, Mar 07, 2012 at 05:53:49PM +0000, Zielinski, Bruce C wrote:
>                 I'm brand new (couple of minutes) to this list.  I have an issue using passwdqc in a NIS (YP) environment.  Using only flat files, the tool works perfectly (Thank You!), but even if nis is specified in the nsswitch.conf file, I get a Permission denied right after if verifies the password.  I am running on Solaris 9 (but I've tested it with the same results on Solaris 8 and 10).  I've tried version 1.2.2 and 1.0.5 and get the identical results.  The password portion of my pam.conf file is identical to the wiki page entry.

No, I was not aware of this problem before, and it appears that no one
in here has run into it.  There are very few subscribers on this mailing
list, though - most users of passwdqc don't subscribe.

We might try to reproduce the problem on a suitable occasion (I don't
have a suitable Solaris setup handy right now), or/and you may try to
debug it on your own (run the passwd command under truss, etc.)  If you
figure this out, please post to the list to let us and others know.

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ