Bug#215219: marked as done (libpam-cracklib: necessary PAM modification should be documented)

Tue, 03 Mar 2009 23:13:17 -0800 

Your message dated Tue, 3 Mar 2009 23:06:50 -0800
with message-id <[email protected]>
and subject line Re: libpam-cracklib: necessary PAM modification should be 
documented
has caused the Debian Bug report #215219,
regarding libpam-cracklib: necessary PAM modification should be documented
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
215219: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215219
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libpam-cracklib
Version: 0.76-14
Severity: important
Tags: patch

Hi!

When installing libpam-cracklib, only two commented lines are appended
to /etc/pam.d/ssh. Thus, the package does nothing useful by default.

IMHO ssh is the wrong place. cracklib's purpose is fulfilled best when
_changing_ a password (with passwd), not when _using_ it.

Therefore, I suggest to modify /etc/pam.d/passwd as follows and leave
ssh intact:

--------------- snip ---------------
#
# The PAM configuration file for the Shadow `passwd' service
#

# Check the quality of the password before accepting it
password required       pam_cracklib.so retry=3 minlen=6 difok=3
@include other
--------------- snip ---------------

If you ship these lines commented out then you should really explain
that in a README.Debian.

Thanks and have a nice day!

Martin

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux donald 2.6.0-test7 #1 Sat Oct 11 00:48:58 CEST 2003 i686
Locale: lang=de...@euro, lc_ctype=de...@euro

Versions of packages libpam-cracklib depends on:
ii  cracklib-runtime              2.7-12     Runtime support for password check
ii  cracklib2                     2.7-12     A pro-active password checker libr
ii  libc6                         2.3.2-8    GNU C Library: Shared libraries an
ii  libpam0g                      0.76-14    Pluggable Authentication Modules l
ii  wamerican [wordlist]          5-3        American English dictionary words 
ii  wngerman [wordlist]           20030222-4 New German orthography wordlist

-- no debconf information

-- 
Martin Pitt
home:  www.piware.de
eMail: [email protected]

--- End Message ---
--- Begin Message --- 
Version: 1.0.1-6

Well, it happens that this bug is fixed now in unstable, because
libpam-cracklib autoconfigures when installed.  So closing. :)

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
[email protected]                                     [email protected]

--- End Message ---

Reply via email to