Copyright (C) 2003, Sun Microsystems, Inc.
All Rights Reserved
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
pam_authtok_check.so.1
The password should not be a circular shift of the login name. This check may be disabled in /etc/default/passwd.
The password should contain at least the minimum number of characters described by the parameters MINALPHA, MINNONALPHA, MINDIGIT, and MINSPECIAL. Note that MINNONALPHA describes the same character classes as MINDIGIT and MINSPECIAL combined; therefore the user cannot specify both MINNONALPHA and MINSPECIAL (or MINDIGIT). The user must choose which of the two options to use. Furthermore, the WHITESPACE parameter determines whether whitespace characters are allowed. If unspecified MINALPHA is 2, MINNONALPHA is 1 and WHITESPACE is yes
The old and new passwords must differ by at least the MINDIFF value specified in /etc/default/passwd. If unspecified, the default is 3. For accounts in name services which support password history checking, if prior history is defined, the new password must not match the prior passwords.
The password must not be based on a dictionary word. The list of words to be used for the site's dictionary can be specified with DICTIONLIST. It should contain a comma-separated list of filenames, one word per line. The database that is created from these files is stored in the directory named by DICTIONDBDIR (defaults to /var/passwd). See mkpwdict(8) for information on pre-generating the database. If neither DICTIONLIST nor DICTIONDBDIR is specified, no dictionary check is made.
The password must contain at least the minimum of upper- and lower-case letters specified by the MINUPPER and MINLOWER values in /etc/default/passwd. If unspecified, the defaults are 0.
The password must not contain more consecutively repeating characters than specified by the MAXREPEATS value in /etc/default/passwd. If unspecified, no repeat character check is made.
The following option may be passed to the module: force_check
If the PAM_NO_AUTHTOK_CHECK flag set, force_check ignores this flag. The PAM_NO_AUTHTOK_CHECK flag can be set to bypass password checks (see pam_chauthtok(3PAM)).
syslog(3C) debugging information at the LOG_DEBUG level
See passwd(1) for a description of the contents.
ATTRIBUTE TYPE ATTRIBUTE VALUE |
Interface Stability Evolving |
MT Level MT-Safe with exceptions |
The pam_unix(7) module is no longer supported. Similar functionality is provided by pam_authtok_check(7), pam_authtok_get(7), pam_authtok_store(7), pam_dhkeys(7), pam_passwd_auth(7), pam_unix_account(7), pam_unix_auth(7), and pam_unix_session(7).