Martin Pool wrote:
> The PAM module might store previous passwords in a database (e.g. tdb)
> that it maintains. Every time a password is set, it gets put in
> there, with any other appropriate information (date?). When a new
> password-setting attempt is made, it checks against the history, plus
> other strength checks.
Do we even need to save the decrypted password?
A colleague once saved old encrypted passwords
to allow the "do they really know the old one"
test to be done via challange-response.
--dave
--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario |
(905) 415-2849 or x52849 | [EMAIL PROTECTED]
