tech-security archive


Re: password strength checking



Matthias Drochner wrote:
Would someone with some understanding of PAM please review my change
to libpam which fixes an old bug preventing the use of PAM modules
to check a password on attempts to change it. This is:

src/lib/libpam/modules/pam_unix/pam_unix.c rev. 1.14

I'd like to have this patch pulled up to at least the 5.x release
branch because "passwdqc" seems to be a popular tool for that
purpose (FreeBSD and DragonFly have added it to the base system
apparently), and it would look bad if it didn't work on our
official release.
passwdqc is in pkgsrc, and its homepage refers to the NetBSD port.

While we are here: I'd suggest dropping the pw_policy(3) stuff
in NetBSD's libutil. Its API (and the semantics of weighting the
strengths of a password) is so strange that I can't imagine
any use for it. Would you miss it?

I wouldn't. I also think that password "strength" checking is absolutely
ridiculous. Ideally I would like us to provide real security features to
our users as opposed to what seems popular... but I don't have time to
do any of the work involved, so I won't be raising any objections.

-e.
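As an added illustration, not taken from either message above and not NetBSD's shipped configuration, here is the kind of pam.d(5) "password" stack the first message's fix is meant to enable: a checking module (pam_passwdqc) runs first and, if it accepts the candidate password, hands it down to pam_unix, which performs the actual change. The module names and option names are those documented by passwdqc and the FreeBSD-derived libpam; that this exact stack works on a given NetBSD release with pam_unix.c rev. 1.14 is an assumption, not something the thread confirms.

```text
# /etc/pam.d/passwd  (constructed example, not the stock NetBSD file)
#
# "requisite": if pam_passwdqc rejects the new password the stack stops
# here and pam_unix never sees it, so a weak password is never committed.
# enforce=users lets root override the policy; enforce=everyone would not.
# min=disabled,24,11,8,7 are passwdqc's documented defaults for the five
# character-class counts, shown explicitly so they can be tuned.
password   requisite   pam_passwdqc.so   min=disabled,24,11,8,7 max=40 \
                                         passphrase=3 match=4 similar=deny \
                                         random=47 enforce=users retry=3

# try_first_pass: reuse the new password pam_passwdqc already prompted for
# and stored as PAM_AUTHTOK instead of asking the user a second time.
# This hand-off between modules is exactly what the fix in pam_unix.c
# is about (assumption: the rev. 1.14 change makes this stacking work).
password   required    pam_unix.so       no_warn try_first_pass
```

Quick check after installing such a stack: run passwd(1) as an unprivileged user and offer a short dictionary word; pam_passwdqc should refuse it with its own diagnostic before any prompt from pam_unix, and the old password hash must remain unchanged in the database. If pam_unix prompts regardless, the first module's result is not being honoured and the stack is not doing any checking at all, which is the failure mode the first message describes.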


