I am not quite sure why you would want root's attempts to fail. root (I assume you) should know a good password from a bad one when you set it. The system will generally warn you that the passwd that you are setting is lousy but will let you set it if you insist (Just the way it should be). When I am logged in as root I don't want my system second guessing anything I do (even if that thing is rm -rf /).
Just a thought... Phillip -----Original Message----- From: martin f krafft <[EMAIL PROTECTED]> To: debian security <[email protected]> Date: Fri, 18 Jan 2002 15:24:35 +0100 Subject: enforcing strong passwords libpam-cracklib is nice, but how do i get PAM to enforce at least one upper case letter, and at least on of {symbol,digit}? also, are there any PAM programmer cracks here? i have a program here [1] that registers with PAM as the passwd service, but since it runs as root, it ignore libpam-cracklib. i wouldn't mind adding that support, but i am a PAM-newbie and don't know how to obtain the message that the e.g. passwd binary gives when a password failed cracklib: New UNIX password: BAD PASSWORD: it is based on a dictionary word running passwd as root causes the warning to be displayed, but PAM still succeeds (obviously). i want it to fail even for root, or i want at least access to that message. and the passwd sources are really confusing... 1. http://ceti.pl/~kravietz/progs/poppassd-1.8-ceti.tar.gz -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED] fashions have done more harm than revolutions. -- victor hugo
