Re: bin/10206: of what use are even 128-byte passwords if people can still choose easily guessable ones?

[Matthias Drochner <M.Drochner%fz-juelich.de@localhost>]

The following reply was made to PR bin/10206; it has been noted by GNATS.

From: Matthias Drochner <M.Drochner%fz-juelich.de@localhost>
To: <gnats-bugs%gnats.netbsd.org@localhost>
Cc: 
Subject: Re: bin/10206: of what use are even 128-byte passwords if people can 
 still choose easily guessable ones?
Date: Wed, 18 Nov 2009 18:31:10 +0100

 Just for the record: There is a PAM module in
 pkgsrc/security/pam-passwdqc which does password
 strength checking. The passwdqc code seems to be
 commonly used in Linux distributions.
 There is a bug in NetBSD's pam_unix module which
 makes that it ignores the previously checked
 password, this is fixed in
 lib/libpam/modules/pam_unix/pam_unix.c rev 1.14
 
 best regards
 Matthias
 
 
 
 ---------------------------------------------------------------------------=
 ---------------------
 ---------------------------------------------------------------------------=
 ---------------------
 Forschungszentrum Juelich GmbH
 52425 Juelich
 Sitz der Gesellschaft: Juelich
 Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
 Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe
 Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
 Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
 Prof. Dr. Sebastian M. Schmidt
 ---------------------------------------------------------------------------=
 ---------------------
 ---------------------------------------------------------------------------=
 ---------------------