Darren J Moffat wrote: >>> 3) Dictionary checking with crack will be enabled by default >>> /etc/default/passwd:DICTIONDBDIR=/var/passwd >>> >>> >> Where will/does crack live? >> > > It is embedded inside pam_authtok_check.so.1 > > >> And why are we adding a dictionary check in this manner, >> rather than checking new passwords? >> > > It does check new passwords that is what the feature does. > > It isn't a new feature I'm proposing, I'm just proposing turning on > something we already have that has been shipping since S9 (IIRC)
Ok, the way I interpreted what you wrote was to use crack of old (attempting to brute force encrypted passwords) to check what goes in the password field, which struck me as strange. Darren
