LinuxQuestions.org
Old 03-23-2015, 08:14 AM   #1
Ivory244
LQ Newbie
 
Registered: Mar 2015
Posts: 2

Rep: Reputation: Disabled
Why passwd command does not use pam_unix_passwd.c module source code


I am working on modifying the source code for the PAM module in CentOS 6.6. All I need to do is add an if statement to check the length of the password after the password has been changed. I made changes in the PAM source file under modules/pam_unix/pam_unix_password.c (shown below). These changes run successfully when I change the password at the login screen, but if I run the command passwd from a terminal window my if statement does not run at all. Can you please help explain why these changes work when changing the password at the login screen but not when changing the password using the passwd command in a terminal window?

My overall goal includes the following password requirements:
1. Minimum length of password is 8 characters. (This password will expire in 90 days.)
2. If password is 13 characters or greater, password will never expire.

NOTE: I already have a script that manages password expiration instead of using pam.

I have also tried modifying the /etc/pam.d/system-auth. I set the minimum required password to be 8 characters but I was unable to find a configuration that checks for password of 13 characters or more and outputs the information to a file. I then turned to modifying the pam source code in order to test if the user input a 13 character password and just output the information to a file.

Here is the link where I downloaded the source RPM
http://www.rpmfind.net//linux/RPM/ce....el6.i686.html

These are the changes I made inside Linux-PAM-1.1.1/modules/pam_unix/pam_unix_password.c

...
static int _pam_unix_approve_pass(pam_handle_t * pamh
                                  ,unsigned int ctrl
                                  ,const char *pass_old
                                  ,const char *pass_new)
{
    const void *user;
    const char *remark = NULL;
    int retval = PAM_SUCCESS;

    D(("&new=%p, &old=%p", pass_old, pass_new));
    D(("new=[%s]", pass_new));
    D(("old=[%s]", pass_old));

    if (pass_new == NULL || (pass_old && !strcmp(pass_old, pass_new))) {
        if (on(UNIX_DEBUG, ctrl)) {
            pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
        }
        _make_remark(pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
                     _("No password supplied") : _("Password unchanged"));
        return PAM_AUTHTOK_ERR;
    }
    /*
     * if one wanted to hardwire authentication token strength
     * checking this would be the place - AGM
     */

    retval = pam_get_item(pamh, PAM_USER, &user);
    if (retval != PAM_SUCCESS) {
        if (on(UNIX_DEBUG, ctrl)) {
            pam_syslog(pamh, LOG_ERR, "Can not get username");
            return PAM_AUTHTOK_ERR;
        }
    }
    if (off(UNIX__IAMROOT, ctrl)) {
        if (strlen(pass_new) < 6)
            remark = _("You must choose a longer password");
        D(("length check [%s]", remark));

        /* ******************************************* */
        /* added the 13 character password check */
        if (strlen(pass_new) >= 13)
            system("echo 13char > /tmp/Password_length.text");
        /* ******************************************* */

        if (on(UNIX_REMEMBER_PASSWD, ctrl)) {
            if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR)
                remark = _("Password has been already used. Choose another.");
            if (retval == PAM_ABORT) {
                pam_syslog(pamh, LOG_ERR, "can't open %s file to check old passwords",
                           OLD_PASSWORDS_FILE);
                return retval;
            }
        }
    }
...
 
Old 03-23-2015, 10:16 AM   #2
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 982
Blog Entries: 2

Rep: Reputation: 244Reputation: 244Reputation: 244
Can I discourage anything like this

Code:
if(strlen(pass_new) >=13)
    system("echo 13char > /tmp/Password_length.text");
and suggest getting familiar with fopen(), fprintf() and fclose().

Or for this situation
http://man7.org/linux/man-pages/man3/syslog.3.html

Code:
if(strlen(pass_new) >=13)
    syslog(LOG_AUTH|LOG_INFO, "new password at least 13 chars (%zu)", strlen(pass_new));
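
The reply's suggestion carried through, as an added example that is not part of the thread or of Linux-PAM: the 13-character marker is written with ordinary file I/O and syslog() instead of system(), so a privileged module never starts a shell, and the file is opened with O_NOFOLLOW and mode 0600 so a symlink planted at the path is refused. The helper name record_long_password, its path parameter and the record format are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for O_NOFOLLOW and O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

#define LONG_PASSWORD_MIN 13   /* threshold from the question */

/*
 * Hypothetical helper, not part of Linux-PAM. Appends "<user> 13char" to
 * `path` when pass_new has at least LONG_PASSWORD_MIN characters.
 * Returns 1 if a record was written, 0 if the password is shorter,
 * -1 on error.
 */
int record_long_password(const char *path, const char *user,
                         const char *pass_new)
{
    if (path == NULL || user == NULL || pass_new == NULL)
        return -1;
    if (strlen(pass_new) < LONG_PASSWORD_MIN)
        return 0;

    /* No shell is started, and O_NOFOLLOW refuses a symlink at `path`. */
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC,
                  0600);
    if (fd < 0) {
        syslog(LOG_AUTH | LOG_ERR, "cannot open %s: %s", path, strerror(errno));
        return -1;
    }
    FILE *fp = fdopen(fd, "a");
    if (fp == NULL) {
        close(fd);
        return -1;
    }
    /* Record only the marker, not the password itself. */
    int ok = fprintf(fp, "%s 13char\n", user) > 0;
    if (fclose(fp) != 0)
        ok = 0;
    if (ok)
        syslog(LOG_AUTH | LOG_INFO, "%s set a password of %d+ characters",
               user, LONG_PASSWORD_MIN);
    return ok ? 1 : -1;
}
```

A fixed path under /tmp, as in the original snippet, is world-writable territory; a root-owned directory is the safer place for the record file.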
 
  

