pam_authtok_check(5)
NAME
pam_authtok_check - authentication and password management
module
SYNOPSIS
pam_authtok_check.so.1
DESCRIPTION
pam_authtok_check provides functionality to the Password
Management stack. The implementation of pam_sm_chauthtok(),
performs a number of checks on the construction of the newly
entered password. pam_sm_chauthtok() is invoked twice by the
PAM framework, once with flags set to PAM_PRELIM_CHECK, and
once with flags set to PAM_UPDATE_AUTHTOK. This module only
performs its checks during the first invocation. This module
expects the current authentication token in the
PAM_OLDAUTHTOK item, the new (to be checked) password in the
PAM_AUTHTOK item, and the login name in the PAM_USER item.
The checks performed by this module are:
length
The password length should not be less that the
minimum specified in /etc/default/passwd.
circular shift
The password should not be a circular shift of the
login name.
complexity
The password should contain at least two alpha charac-
ters and one numeric or special character.
variation
The old and new passwords must differ by at least
three positions.
The following option may be passed to the module:
debug syslog(3C) debugging information at the LOG_DEBUG
level
ERRORS
If the password in PAM_AUTHTOK passes all tests, PAM_SUCCESS
is returned. If any of the tests fail, PAM_AUTHTOK_ERR is
returned.
FILES
/etc/default/passwd
Contains the value for PASSLENGTH, the default minimal
password length.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Interface Stability | Evolving |
|_____________________________|_____________________________|
| MT Level | MT-Safe with exceptions |
|_____________________________|_____________________________|
SEE ALSO
passwd(1), pam(3PAM), pam_chauthtok(3PAM), syslog(3C),
libpam(3LIB), pam.conf(4), attributes(5),
pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5),
pam_passwd_auth(5), pam_unix(5), pam_unix_account(5),
pam_unix_auth(5), pam_unix_session(5)
NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each
thread within the multi-threaded application uses its own
PAM handle.
The pam_unix(5) module might not be supported in a future
release. Similar functionality is provided by
pam_authtok_check(5), pam_authtok_get(5),
pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5),
pam_unix_account(5), pam_unix_auth(5), and
pam_unix_session(5).
Man(1) output converted with
man2html