pam_authtok_check(5)

NAME

     pam_authtok_check - authentication and  password  management
     module

SYNOPSIS

     pam_authtok_check.so.1

DESCRIPTION

     pam_authtok_check provides  functionality  to  the  Password
     Management  stack. The implementation of pam_sm_chauthtok(),
     performs a number of checks on the construction of the newly
     entered password. pam_sm_chauthtok() is invoked twice by the
     PAM framework, once with flags set to PAM_PRELIM_CHECK,  and
     once  with flags set to PAM_UPDATE_AUTHTOK. This module only
     performs its checks during the first invocation. This module
     expects    the   current   authentication   token   in   the
     PAM_OLDAUTHTOK item, the new (to be checked) password in the
     PAM_AUTHTOK  item,  and the login name in the PAM_USER item.
     The checks performed by this module are:

     length
           The password  length  should  not  be  less  that  the
           minimum specified in /etc/default/passwd.

     circular shift
           The password should not be a  circular  shift  of  the
           login name.

     complexity
           The password should contain at least two alpha charac-
           ters and one numeric or special character.

     variation
           The old and new passwords  must  differ  by  at  least
           three positions.

     The following option may be passed to the module:

     debug syslog(3C)  debugging  information  at  the  LOG_DEBUG
           level

ERRORS

     If the password in PAM_AUTHTOK passes all tests, PAM_SUCCESS
     is  returned.  If  any of the tests fail, PAM_AUTHTOK_ERR is
     returned.

FILES

     /etc/default/passwd
           Contains the value for PASSLENGTH, the default minimal
           password length.

ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Interface Stability         | Evolving                    |
    |_____________________________|_____________________________|
    | MT Level                    | MT-Safe with exceptions     |
    |_____________________________|_____________________________|

SEE ALSO

     passwd(1),   pam(3PAM),   pam_chauthtok(3PAM),   syslog(3C),
     libpam(3LIB),           pam.conf(4),          attributes(5),
     pam_authtok_get(5),   pam_authtok_store(5),   pam_dhkeys(5),
     pam_passwd_auth(5),     pam_unix(5),    pam_unix_account(5),
     pam_unix_auth(5), pam_unix_session(5)

NOTES

     The interfaces in libpam(3LIB)  are  MT-Safe  only  if  each
     thread  within  the  multi-threaded application uses its own
     PAM handle.

     The pam_unix(5) module might not be supported  in  a  future
     release.    Similar    functionality    is    provided    by
     pam_authtok_check(5),                    pam_authtok_get(5),
     pam_authtok_store(5),   pam_dhkeys(5),   pam_passwd_auth(5),
     pam_unix_account(5),          pam_unix_auth(5),          and
     pam_unix_session(5).