"Fossies" - the Fresh Open Source Software Archive

Member "passwdqc-2.0.3/PLATFORMS" (23 Jun 2023, 2197 Bytes) of package /linux/privat/passwdqc-2.0.3.tar.gz:

As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "PLATFORMS": 1.4.0_vs_2.0.0.

    1 Please see the README for instructions common to all platforms and
    2 descriptions of the options mentioned here.
    3 
    4 
    5 	Linux.
    6 
    7 Most modern Linux distributions use Linux-PAM with a password changing
    8 module which understands "use_authtok".  Thus, you may choose which
    9 module prompts for the old password, things should work either way.
   10 
   11 
   12 	FreeBSD 5+, DragonFly BSD 2.2+.
   13 
   14 FreeBSD 5 and newer, as well as DragonFly BSD 2.2 and newer, include
   15 pam_passwdqc in the base system.  You should be able to use either the
   16 included or the distributed separately version of pam_passwdqc with
   17 these systems.  There's a commented out usage example in the default
   18 /etc/pam.d/passwd.
   19 
   20 FreeBSD 4 and older used a cut down version of Linux-PAM (not OpenPAM)
   21 and didn't use PAM for password changing.
   22 
   23 
   24 	OpenBSD.
   25 
   26 OpenBSD does not use PAM, however it is able to use passwdqc's pwqcheck
   27 program.  Insert the line ":passwordcheck=/usr/bin/pwqcheck -1:\"
   28 (without the quotes, but with the trailing backslash) into the "default"
   29 section in /etc/login.conf.
   30 
   31 
   32 	Solaris, HP-UX 11.
   33 
   34 On Solaris 2.6, 7, and 8 (without patch 108993-18/108994-18 or later)
   35 and on HP-UX 11, pam_passwdqc has to ask for the old password during
   36 the update phase.  Use "ask_oldauthtok=update check_oldauthtok" with
   37 pam_passwdqc and "use_first_pass" with pam_unix.
   38 
   39 On Solaris 8 (with patch 108993-18/108994-18 or later), 9, and 10,
   40 use pam_passwdqc instead of both pam_authtok_get and pam_authtok_check,
   41 and set "retry=1" with pam_passwdqc as the passwd command has its own
   42 handling for that.
   43 
   44 You will likely also need to set "max=8" in order to actually enforce
   45 not-so-weak passwords with the obsolete traditional DES-based hashes
   46 that most Solaris systems use and the flawed approach HP-UX uses to
   47 process characters past 8.  Of course this way you only get about one
   48 third of the functionality of pam_passwdqc.  As a better alternative,
   49 on modern Solaris systems you may edit the "CRYPT_DEFAULT=__unix__" line
   50 in /etc/security/policy.conf to read "CRYPT_DEFAULT=2a" to enable the
   51 OpenBSD-style bcrypt (Blowfish-based) password hashing.
   52 
   53 There's a wiki page with detailed instructions specific to Solaris:
   54 
   55 https://openwall.info/wiki/passwdqc/solaris