On Fri, 2003-02-14 at 02:09, David Collier-Brown -- Customer Engineering wrote:
> Martin Pool wrote:
> > The PAM module might store previous passwords in a database (e.g. tdb)
> > that it maintains. Every time a password is set, it gets put in
> > there, with any other appropriate information (date?). When a new
> > password-setting attempt is made, it checks against the history, plus
> > other strength checks.
>
> Do we even need to save the decrypted password?
> A colleague once saved old encrypted passwords
> to allow the "do they really know the old one"
> test to be done via challenge-response.

Anybody doing this 'must change password every x days' thing has to
store the decrypted password, or else your users change from password1
to password2 to password3 then back to password1.

We need to allow this possibility.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
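
Added example, not part of the original thread and not Samba or PAM code: a sketch of the password-history check described above, run over the password1/password2/password3 cycle from the reply. The class name, the in-memory dict standing in for the tdb, the history depth and the PBKDF2 parameters are all assumptions; this version keeps a salted digest per history entry and only detects exact reuse.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def _digest(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 digest of one password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class PasswordHistory:
    """Hypothetical per-user history store; a dict stands in for the tdb."""

    def __init__(self, depth: int = 5):
        self.depth = max(1, depth)   # how many old passwords to remember
        self._records = {}           # user -> [(salt, digest), ...], newest last

    def is_reused(self, user: str, candidate: str) -> bool:
        """True if candidate matches any remembered password for user."""
        hit = False
        for salt, stored in self._records.get(user, []):
            # Re-derive with each entry's own salt; compare in constant time
            # and walk the whole list so timing does not reveal the position.
            if hmac.compare_digest(_digest(candidate, salt), stored):
                hit = True
        return hit

    def set_password(self, user: str, new_password: str) -> bool:
        """Record new_password unless it is in the history; return success."""
        if self.is_reused(user, new_password):
            return False
        salt = os.urandom(16)
        entries = self._records.setdefault(user, [])
        entries.append((salt, _digest(new_password, salt)))
        del entries[:-self.depth]    # keep only the newest `depth` entries
        return True


def demo():
    """Constructed sample: a user cycling passwords against a depth-3 history."""
    history = PasswordHistory(depth=3)
    attempts = ["password1", "password2", "password3",
                "password1", "password4", "password1"]
    return [history.set_password("alice", p) for p in attempts]


if __name__ == "__main__":
    print(demo())
```

The second "password1" succeeds only because it has aged out of the depth-3 window; the history depth sets how long a cycle has to be before it goes unnoticed.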