Date: Mon, 12 Mar 2012 19:56:20 +0000 From: "Zielinski, Bruce C" <bruce.c.zielinski@...o.com> To: "passwdqc-users@...ts.openwall.com" <passwdqc-users@...ts.openwall.com> Subject: RE: EXTERNAL: Re: Solaris issue... First - thanks for getting back to me. truss didn't show me anything useful. I did find a solution after reading and re-interpreting the README file. I changed the order of the pam commands to be the following: other password required pam_dhkeys.so.1 other password requisite pam_authtok_get.so.1 other password requisite pam_passwdqc.so min=disabled,disabled,disabled,disabled,14, similar=permit match=0 enforce=users use_authtoc other password requisite pam_authtok_check.so.1 other password required pam_authtok_store.so.1 I don't get the "pretty" you need upper, lower, number and special char header information, but NIS gets updated properly, the length is properly checked and the complexity enforces upper, lower, number and special. (by the way, I used the 1.0.5 version as I don't really need the "add-ons") Life is good! I don't know if anyone else encountered this issue and if they found a different solution - but I'd be interested to know. Again, Thanks! Bruce Bruce C. Zielinski, CISSP Lockheed Martin 199 Borton Landing Road Moorestown, NJ 08057 M/S 137-A114 bruce.c.zielinski@...o.com 856-722-5072 -----Original Message----- From: Solar Designer [mailto:solar@...nwall.com] Sent: Saturday, March 10, 2012 11:18 AM To: passwdqc-users@...ts.openwall.com Subject: EXTERNAL: Re: [passwdqc-users] Solaris issue... Hello Bruce, I'm sorry for the delayed response, although FYI it is quite typical that I respond to non-urgent messages with a delay of a few days. On Wed, Mar 07, 2012 at 05:53:49PM +0000, Zielinski, Bruce C wrote: > I'm brand new (couple of minutes) to this list. I have an issue using passwdqc in a NIS (YP) environment. Using only flat files, the tool works perfectly (Thank You!), but even if nis is specified in the nsswitch.conf file, I get a Permission denied right after if verifies the password. I am running on Solaris 9 (but I've tested it with the same results on Solaris 8 and 10). I've tried version 1.2.2 and 1.0.5 and get the identical results. The password portion of my pam.conf file is identical to the wiki page entry. No, I was not aware of this problem before, and it appears that no one in here has run into it. There are very few subscribers on this mailing list, though - most users of passwdqc don't subscribe. We might try to reproduce the problem on a suitable occasion (I don't have a suitable Solaris setup handy right now), or/and you may try to debug it on your own (run the passwd command under truss, etc.) If you figure this out, please post to the list to let us and others know. Thanks, Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.