[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 24 Jun 2007 01:23:46 +0400
From: "(GalaxyMaster)" <galaxy@...nwall.com>
To: owl-users@...ts.openwall.com
Subject: Re: pam_passwdqc and history
Vincent,
Thanks for a good question I was wondering whether it could be done on
Owl too (however, I haven't investigated the issue for real).
On Sun, Jun 24, 2007 at 12:53:51AM +0400, gremlin@...mlin.ru wrote:
>
> It does NOT and, I hope, never will - all these "password
> history policies" require storing plaintext password somewhere,
> which is absolutely inacceptable. The only possible check is
Gremlin, I know at least a couple of techniques how to perform this check
without storing the plain text version of password, so you might be wrong
in your claims. JFYI.
I'd like to see Solar's opinion on this. I think that although it's
a little bit complicated since we need to store some additional metadata
per account this option could be implemented and it would have its users
(not only Vincent and me but a broader range of users :) ).
--
(GM)
--
To unsubscribe, e-mail owl-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
