Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
The ONE Campaign to make poverty history

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
Copyright Info
Terms of Use
Privacy Info
Masthead / Impressum
Your Account

Private Messages

News Archive
Submit News
User Articles
Web Links


The Web

Who's Online
There are currently, 62 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here




       The  pam_pwcheck  is  a  PAM  module for password strength
       checking.  It  makes  additional  checks   upon   password
       changes,  but  it doesn't make the change itself.  It only
       provides functionality for one PAM management group: pass­
       word changing.

       This  module  works in the following manner: if enabled it
       calls at first the Cracklib routine to check the  strength
       of  the  password; if crack likes the password, the module
       does an additional set of strength  checks.  These  checks

              Is the new password a palindrome of the old one?

       Case Change Only
              Is  the  new  password  the the old one with only a
              change of case?

              Is the new password too much like the old one?

       Simple Is the new password too small?

              Is the new password a rotated version  of  the  old

       Already used
              Was the password used in the past?  Previously used
              passwords are to be found in /etc/security/opasswd.

       You can add the options in the PAM configuration files for
       every single  service  or  you  can  add  them  global  in


       The following options may be passed to the module:

              This  is  a  new password encryption method used by
              OpenBSD and the Openwall Linux  distribution.  This
              option  means  only,  that  a  password could be 97
              characters long. Longer  passwords  will  be  trun­
              cated.  The  encryption  itself  is done by the PAM
              module who stores the password.

       cracklib=<path to dictionaries>
              Use cracklib  library  for  password  checks.  This
              parameter  also  contains  the path to the cracklib
              dictionaries.  The   default   is   /usr/lib/crack­
              will be rejected.  A  zero  value  suppresses  this
              check. The default is 5.

              This  options  specifies a path to the source files
              for NIS maps on a NIS master server. If this option
              is given, the passwords of NIS accounts will not be
              changed with yppasswd(1), instead the local  passwd
              and  shadow files below <path> will be modified. In
              conjunction with rpasswdd(8) and pam_make  you  can
              replace  rpc.yppasswdd(8)  with a more secure solu­
              tion on the NIS master server.

              No additional checks will be performed before a new
              password  is  accepted.  Since the checks performed
              are fairly simple, their usage is recommended.

              If this option is given, pam_pwcheck will not  make
              the new password available for other modules.

       nullok Normally  the account is disabled if no password is
              set or if the length of the password is zero.  With
              this  option  you  can allow the user to change his
              password for such accounts. This  option  does  not
              overwrite  a  hardcoded default by the calling pro­

              Maximum number of attempts to change a password  if
              the new one are rejected because they are too easy.

              Set the new password to the  one  provided  by  the
              previously  stacked password module. If this option
              is not set, pam_pwcheck would ask the user for  the
              new password.

              The  default  is, that pam_pwcheck tries to get the
              authentication token from a previous module.  If no
              token  is  available, the user is asked for the old
              password.  With  this  option,  pam_pwcheck  aborts
              with  an  error  if  no authentication token from a
              previous module is available.

       md5    In the case of conventional unix  databases  (which
              store  the  password encrypted) the md5 argument is
              used to do the encryption with the MD5 function  as
              opposed to the conventional crypt(3) call.



       passwd(1),  pam.conf(8),  pam.d(8),  pam(8),   rpasswd(1),
       rpasswdd(8), rpc.yppasswdd(8), yppasswd(1)

pam_pwcheck                January 2003            pam_pwcheck(8)



Security Code
Security Code
Type Security Code

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!

Amazon Wish List

Did You Know?
You can get all the latest Site and Linux news by checking out our news page.


Tell a Friend About Us

Bookmark and Share

Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.09 Seconds