PDA

View Full Version : [all variants] Dapper PAM bug?



masmad
May 16th, 2008, 11:52 AM
I have one machine running 6.06 and I just tried to tighten the password policy. I noticed that even though the obscure-option is passed to PAM in /etc/pam.d/common-password, I can use "weak" passwords.

Of course, I'm not sure which passwords PAM should consider "weak", but I created a testuser and as that user running passwd allowed me to change the password to 11111 and aaaaa.

Can someone confirm this? Or tell me that I'm just doing something wrong ;)

Oh and I know about cracklib, but I'd like to know if I can live without it.