Thanks for all who provided ideas regarding how to solve this issue. I have replied to most of the posters individually (I apologize if I missed you). My previous UPDATE email hopefully already summarized the gist of responses that I received. Some replies also suggested the use of wrappers, scripts, etc. However, IMO, those are not really clean solutions and solutions of this type have caused us problem before. Failing to get hold of a ideal technical solution for this issue, I did some wild search and came across an article on Sun's blueprint online: Extending Authentication in the Solaris 9 OE using PAM: Part II (blueprint online Oct. 2002). One of the examples in this article talks EXACTLY about how to modify the passwd management scheme with the example PAM module compare.c. I have yet to try this out... Thanks again. Zaigui --- Zaigui Wang <zaigui@yahoo.com> wrote: > From: Zaigui Wang <zaigui@yahoo.com> > Subject: Update: Solaris password - about > three-letter difference > To: sunmanagers@sunmanagers.org > Date: Wed, 19 Feb 2003 12:29:26 -0800 (PST) > > As expected, a lot of the replies suggest that we, > as > sysadmin, should not back down simply because some > user in the senior management does not like the > inconvenience that this has caused him/her. > Education > is the buzz word for the solution. > > I agree with you guys on most of the points and we > are > still trying to resolve this by persuasion and > education. Politics aside, I do see though a > neccessity of making this restriction tunable. It is > my understanding that other OSes, such as Windows > and > Novell, allows a more flexible password policy to be > customized based on the customers' need. > > Many people assumed that the problem is with > changing > from 3 to 2 or 1 letter difference, but the same > problem is still there if one day we decide that > 3-letter difference is not strong enough to fend off > secuity breaches and would like to go up to 4-letter > or 5-letter difference. > > I would appreciate it very much if our expert here > can > provide some hints on modifying/writing PAM modules > to > make this work... > > Zaigui > > > > > Hi managers, > > > > In solaris, when you change your password, the new > > password has to be different in three positions > from > > the previous password. > > > > Is there any way this can be tuned? We are having > here > > some unhappy user (not just the regular user, I > assure > > you) and are asked to change this to 1-position > > different. > > > > SUN's answer to this is it is not tunable. Can > anybody > > provide some magic workaround? > > > > Zaigui > > Yahoo! Shopping - Send Flowers for Valentine's Day > > http://shopping.yahoo.com > Yahoo! Shopping - Send Flowers for Valentine's Day > http://shopping.yahoo.com > _______________________________________________ > sunmanagers mailing list > sunmanagers@sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Thu Feb 27 14:47:51 2003
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:04 EST