- 论坛徽章:
- 0
|
提在于用错了ControlFlag,应该用requisite而用了request
pam_cracklib.so 会引用cracklib的一段函数FascistCheck()来判断password和username之间的关联度
ErrorMessage是"is based on your user name"
如果设置了Debug在pam_cracklib.so的参数行里面,应该还可以看到错误的password字节在syslog里面,
而Errlog,在Fedora应该是security log,在Montavista好像是在auth log里面
下面是相关的Code,
if ((crack_msg = FascistCheck(token1,options.cracklib_dictpath))) {
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg);
pam_error(pamh, _("BAD PASSWORD: %s"), crack_msg);
if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
retval = PAM_AUTHTOK_ERR;
else
retval = PAM_SUCCESS;
} else {
/* check it for strength too... */
D(("for strength"));
retval = _pam_unix_approve_pass (pamh, ctrl, &options,
oldtoken, token1);
if (retval != PAM_SUCCESS) {
if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
retval = PAM_AUTHTOK_ERR;
else
retval = PAM_SUCCESS;
}
} |
|