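This is because once the PAM mechanism is in use, the settings in /etc/login.defs have no effect, and the minlen=9 parameter of pam_cracklib.so in PAM is also a fake parameter: the function it calls internally, pam_sm_chauthtok, calls FascistCheck (located in cracklib.so, which is independent of PAM), and when FascistCheck analyzes the password length it ignores the minlen value entirely and uses a hard-coded one instead. So, to make the original /etc/login.defs configuration effective, you have to wait for a patch.
You can see this in the following code fragment (cracklib/cracklib,2.7/cracklib/fascist.c); note MINLEN in it: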
#define MINLEN 6

char *
FascistLook(pwp, instring)
    PWDICT *pwp;
    char *instring;
{
    int ii;
    char *ptr;
    char *jptr;
    char junk[STRINGSIZE];
    char *password;
    char rpassword[STRINGSIZE];
    int32 notfound;

    notfound = PW_WORDS(pwp);

    /* already truncated if from FascistCheck() */
    /* but pretend it wasn't ... */
    strncpy(rpassword, instring, TRUNCSTRINGSIZE);
    rpassword[TRUNCSTRINGSIZE - 1] = '\0';
    password = rpassword;

    if (strlen(password) < 4)
    {
        return ("it's WAY too short");
    }

    if (strlen(password) < MINLEN)
    {
        return ("it is too short");
    }

    jptr = junk;
    *jptr = '\0';

    for (ii = 0; ii < STRINGSIZE && password[ii]; ii++)
    {
        if (!strchr(junk, password[ii]))
        {
            *(jptr++) = password[ii];
            *jptr = '\0';
        }
    }

    if (strlen(junk) < MIND
===================================
The above is the explanation of this issue from another expert's blog.
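The length gate in the excerpt, reduced to a runnable sketch and set beside a caller-side check that takes the minimum as a parameter. This is an added example, not part of the original post and not cracklib's or PAM's own code; the function names `library_length_gate` and `policy_check`, the value of `TRUNCSTRINGSIZE`, and the sample passwords are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MINLEN 6             /* compile-time floor, as in the excerpt */
#define TRUNCSTRINGSIZE 256  /* assumed value; the excerpt does not show it */

/* Stand-in for the two length tests in the excerpt (hypothetical name).
 * Returns NULL when the password passes, else the rejection message. */
const char *library_length_gate(const char *instring)
{
    char rpassword[TRUNCSTRINGSIZE];

    strncpy(rpassword, instring, TRUNCSTRINGSIZE);
    rpassword[TRUNCSTRINGSIZE - 1] = '\0';
    if (strlen(rpassword) < 4)
        return "it's WAY too short";
    if (strlen(rpassword) < MINLEN)   /* no runtime parameter reaches this test */
        return "it is too short";
    return NULL;
}

/* Hypothetical caller-side check: apply the administrator's minlen first,
 * then delegate, so the effective floor is max(minlen, MINLEN). */
const char *policy_check(const char *pw, size_t minlen)
{
    if (strlen(pw) < minlen)
        return "shorter than the configured minimum";
    return library_length_gate(pw);
}

int main(void)
{
    /* Constructed sample passwords of length 3, 5, 8 and 9. */
    const char *samples[] = { "abc", "abcde", "abcdefgh", "abcdefghi" };
    const size_t minlen = 9;  /* the value configured in the post */
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *lib = library_length_gate(samples[i]);
        const char *pol = policy_check(samples[i], minlen);
        printf("%-10s library: %-20s policy(minlen=%zu): %s\n", samples[i],
               lib ? lib : "accepted", minlen, pol ? pol : "accepted");
    }
    return 0;
}
```

The 8-character sample passes the compiled-in gate but is rejected once the caller enforces its own minimum, which is the gap the post attributes to the hard-coded `MINLEN`.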