On 2005-10-26, Ceri Davies <firstname.lastname@example.org> wrote:
> A couple of questions regarding pam_authtok_check and friends.
I gave in and read the code. Assuming that none of this changed in
OpenSolaris, here's what Solaris 10 does for the record:
> 1) What does the NAMECHECK variable in /etc/default/passwd actually do?
> The documentation in the passwd(1) simply repeats the same text found
> in /etc/default/passwd, which simply says "do login name checking".
> What kind of checking is that then?
This is a check that the password is not a circular shift of the login
> 2) Where is the password history to deal with variables such as
> MAXREPEATS kept? Are just the hashes stored? If so, do I break this
> if I change crypt algorithms?
I actually meant HISTORY here, and the answer is that the old password
crypts are stored in /etc/security/passhistory, and yes, it breaks if
you change crypt algorithms.
> 3) If just the hashes are stored, how does MINDIFF work?
passwd(1) compares the new password with the old password that the user
Only two things are infinite, the universe and human stupidity, and I'm
not sure about the former. -- Einstein (attrib.)