The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

pam_authtok_check (5)
  • >> pam_authtok_check (5) ( Solaris man: Форматы файлов )
  •  

    NAME

    pam_authtok_check - authentication and password
    management module
     
    

    SYNOPSIS

    pam_authtok_check.so.1
    

     

    DESCRIPTION

    pam_authtok_check provides functionality to the Password Management stack. The implementation of pam_sm_chauthtok() performs a number of checks on the construction of the newly entered password. pam_sm_chauthtok() is invoked twice by the PAM framework, once with flags set to PAM_PRELIM_CHECK, and once with flags set to PAM_UPDATE_AUTHTOK. This module only performs its checks during the first invocation. This module expects the current authentication token in the PAM_OLDAUTHTOK item, the new (to be checked) password in the PAM_AUTHTOK item, and the login name in the PAM_USER item. The checks performed by this module are:

    length

    The password length should not be less that the minimum specified in /etc/default/passwd.

    circular shift

    The password should not be a circular shift of the login name. This check may be disabled in /etc/default/passwd.

    complexity

    The password should contain at least the minimum number of characters described by the parameters MINALPHA, MINNONALPHA, MINDIGIT, and MINSPECIAL. Note that MINNONALPHA describes the same character classes as MINDIGIT and MINSPECIAL combined; therefore the user cannot specify both MINNONALPHA and MINSPECIAL (or MINDIGIT). The user must choose which of the two options to use. Furthermore, the WHITESPACE parameter determines whether whitespace characters are allowed. If unspecified MINALPHA is 2, MINNONALPHA is 1 and WHITESPACE is yes

    variation

    The old and new passwords must differ by at least the MINDIFF value specified in /etc/default/passwd. If unspecified, the default is 3. For accounts in name services which support password history checking, if prior history is defined, the new password must not match the prior passwords.

    dictionary check

    The password must not be based on a dictionary word. The list of words to be used for the site's dictionary can be specified with DICTIONLIST. It should contain a comma-separated list of filenames, one word per line. The database that is created from these files is stored in the directory named by DICTIONDBDIR (defaults to /var/passwd). See mkpwdict(1M) for information on pre-generating the database. If neither DICTIONLIST nor DICTIONDBDIR is specified, no dictionary check is made.

    upper/lower case

    The password must contain at least the minimum of upper- and lower-case letters specified by the MINUPPER and MINLOWER values in /etc/default/passwd. If unspecified, the defaults are 0.

    maximum repeats

    The password must not contain more consecutively repeating characters than specified by the MAXREPEATS value in /etc/default/passwd. If unspecified, no repeat character check is made.

    The following option may be passed to the module:

    force_check

    If the PAM_NO_AUTHTOK_CHECK flag set, force_check ignores this flag. The PAM_NO_AUTHTOK_CHECK flag can be set to bypass password checks (see pam_chauthtok(3PAM)).

    debug

    syslog(3C) debugging information at the LOG_DEBUG level

     

    RETURN VALUES

    If the password in PAM_AUTHTOK passes all tests, PAM_SUCCESS is returned. If any of the tests fail, PAM_AUTHTOK_ERR is returned.  

    FILES

    /etc/default/passwd

    See passwd(1) for a description of the contents.

     

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE

    Interface StabilityEvolving

    MT Level

     

    SEE ALSO

    passwd(1), pam(3PAM), mkpwdict(1M), pam_chauthtok(3PAM), syslog(3C), libpam(3LIB), pam.conf(4), passwd(4), shadow(4), attributes(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)  

    NOTES

    The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

    The pam_unix(5) module is no longer supported. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    RETURN VALUES
    FILES
    ATTRIBUTES
    SEE ALSO
    NOTES


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру