password strength checking not consistently implemented
Glenn Johnson
gjohnson at srrc.ars.usda.gov
Thu Aug 14 15:55:09 PDT 2003
I have set up the password strength checking system using
pam_passwdqc.so, set in /etc/pam.d/passwd. I have also set up password
expiration.
When a user issues the 'passwd' command, the password strength checking
module works as expected. When a user logs in via the console after the
password expiry time has passed, the login program prompts for a new
password before the session begins. However, this password change has
no strength check at all. Is there some other change I need to make to
may pam configuration?
Thanks.
--
Glenn Johnson
USDA, ARS, SRRC Phone: (504) 286-4252
New Orleans, LA 70124 e-mail: gjohnson at srrc.ars.usda.gov
More information about the freebsd-current
mailing list