"min" and "max" seem to be specific to Debian, and only get used
together with the "obscure" keyword: There's a debian-specific patch
(debian/patches-applied/007_modules_pam_unix), which adds the function
obscure_msg(), where "min" and "max" get handled.
If "md5" gets used, it assumes "unlimited password length" and skips
password_check()!
It does not really check for pass_max_len otherwise, too.
Then, there is a "strange" check in obscure_msg() - at least I don't understand
it:
+ if (oldlen <= pass_max_len && newlen <= pass_max_len)
+ return NULL;
..and the passwords passed to password_check() get limited then to pass_max_len
(what seems to be the only use of "max").
Altogether, this looks really weird altogether
I'm using Ubuntu Feisty, pam 0.79-4ubuntu2.
btw: apart from that, limiting a password to the first X chars seems to
be bad IMHO!
** Changed in: pam (Ubuntu)
Status: Unconfirmed => Confirmed
--
Documentation for pam_unix incorrect for "max=" option
https://bugs.launchpad.net/bugs/85790
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
