Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 24 Jun 2007 01:23:46 +0400
From: "(GalaxyMaster)" <>
Subject: Re: pam_passwdqc and history


Thanks for a good question I was wondering whether it could be done on
Owl too (however, I haven't investigated the issue for real).

On Sun, Jun 24, 2007 at 12:53:51AM +0400, wrote:
> It does NOT and, I hope, never will - all these "password
> history policies" require storing plaintext password somewhere,
> which is absolutely inacceptable. The only possible check is

Gremlin, I know at least a couple of techniques how to perform this check
without storing the plain text version of password, so you might be wrong
in your claims.  JFYI.

I'd like to see Solar's opinion on this.  I think that although it's
a little bit complicated since we need to store some additional metadata
per account this option could be implemented and it would have its users
(not only Vincent and me but a broader range of users :) ).


To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.