Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-id: <58631F367B008548AD61EE659C4D6EEF039675@HVXDSP44.us.lmco.com>
Date: Mon, 12 Mar 2012 19:56:20 +0000
From: "Zielinski, Bruce C" <bruce.c.zielinski@...o.com>
To: "passwdqc-users@...ts.openwall.com" <passwdqc-users@...ts.openwall.com>
Subject: RE: EXTERNAL: Re: Solaris issue...

First - thanks for getting back to me.  truss didn't show me anything useful.  I did find a solution after reading and re-interpreting the README file.
I changed the order of the pam commands to be the following:

other password required  pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_passwdqc.so min=disabled,disabled,disabled,disabled,14, similar=permit match=0 enforce=users use_authtoc
other password requisite pam_authtok_check.so.1
other password required  pam_authtok_store.so.1

I don't get the "pretty" you need upper, lower, number and special char header information, but NIS gets updated properly, the length is properly checked and the complexity enforces upper, lower, number and special. (by the way, I used the 1.0.5 version as I don't really need the "add-ons") Life is good!  I don't know if anyone else encountered this issue and if they found a different solution - but I'd be interested to know.

Again, Thanks!
Bruce

Bruce C. Zielinski, CISSP
Lockheed Martin
199 Borton Landing Road
Moorestown, NJ 08057
M/S 137-A114
bruce.c.zielinski@...o.com 
856-722-5072

-----Original Message-----
From: Solar Designer [mailto:solar@...nwall.com] 
Sent: Saturday, March 10, 2012 11:18 AM
To: passwdqc-users@...ts.openwall.com
Subject: EXTERNAL: Re: [passwdqc-users] Solaris issue...

Hello Bruce,

I'm sorry for the delayed response, although FYI it is quite typical
that I respond to non-urgent messages with a delay of a few days.

On Wed, Mar 07, 2012 at 05:53:49PM +0000, Zielinski, Bruce C wrote:
>                 I'm brand new (couple of minutes) to this list.  I have an issue using passwdqc in a NIS (YP) environment.  Using only flat files, the tool works perfectly (Thank You!), but even if nis is specified in the nsswitch.conf file, I get a Permission denied right after if verifies the password.  I am running on Solaris 9 (but I've tested it with the same results on Solaris 8 and 10).  I've tried version 1.2.2 and 1.0.5 and get the identical results.  The password portion of my pam.conf file is identical to the wiki page entry.

No, I was not aware of this problem before, and it appears that no one
in here has run into it.  There are very few subscribers on this mailing
list, though - most users of passwdqc don't subscribe.

We might try to reproduce the problem on a suitable occasion (I don't
have a suitable Solaris setup handy right now), or/and you may try to
debug it on your own (run the passwd command under truss, etc.)  If you
figure this out, please post to the list to let us and others know.

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.