03-23-2015, 08:14 AM   #1
Why passwd command does not use pam_unix_passwd.c module source code

I am working on modifying the source code for the PAM module in CentOS 6.6. All I need to do is add an if statement to check the length of the password after the password has been changed. I made changes in the PAM source file under modules/pam_unix/pam_unix_password.c (shown below). These changes run successfully when I change the password at the login screen, but if I run the command passwd from a terminal window my if statement does not run at all. Can you please help explain why these changes work when changing the password at the login screen but not when changing the password using the passwd command in a terminal window?

My overall goal includes the following password requirements:
1. Minimum length of password is 8 characters. (This password will expire in 90 days.)
2. If password is 13 characters or greater, password will never expire.

NOTE: I already have a script that manages password expiration instead of using pam.

I have also tried modifying the /etc/pam.d/system-auth. I set the minimum required password to be 8 characters but I was unable to find a configuration that checks for password of 13 characters or more and outputs the information to a file. I then turned to modifying the pam source code in order to test if the user input a 13 character password and just output the information to a file.

Here is the link where I downloaded the source RPM

These are the changes I made inside Linux-PAM-1.1.1/modules/pam_unix/pam_unix_password.c

static int _pam_unix_approve_pass(pam_handle_t * pamh
,unsigned int ctrl
,const char *pass_old
,const char *pass_new)
const void *user;
const char *remark = NULL;
int retval = PAM_SUCCESS;

D(("&new=%p, &old=%p", pass_old, pass_new));
D(("new=[%s]", pass_new));
D(("old=[%s]", pass_old));

if (pass_new == NULL || (pass_old && !strcmp(pass_old, pass_new))) {
if (on(UNIX_DEBUG, ctrl)) {
pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
_make_remark(pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
_("No password supplied") : _("Password unchanged"));
* if one wanted to hardwire authentication token strength
* checking this would be the place - AGM

retval = pam_get_item(pamh, PAM_USER, &user);
if (retval != PAM_SUCCESS) {
if (on(UNIX_DEBUG, ctrl)) {
pam_syslog(pamh, LOG_ERR, "Can not get username");
if (off(UNIX__IAMROOT, ctrl)) {
if (strlen(pass_new) < 6)
remark = _("You must choose a longer password");
D(("length check [%s]", remark));

**//added the 13 character password check**
**if(strlen(pass_new) >=13)**
**system("echo 13char > /tmp/Password_length.text");**

if (on(UNIX_REMEMBER_PASSWD, ctrl)) {
if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR)
remark = _("Password has been already used. Choose another.");
if (retval == PAM_ABORT) {
pam_syslog(pamh, LOG_ERR, "can't open %s file to check old passwords",
return retval;
03-23-2015, 10:16 AM   #2
Can I discourage anything like this

if(strlen(pass_new) >=13)
    system("echo 13char > /tmp/Password_length.text");
and suggest getting familiar with fopen(), fprintf() and fclose().

Or for this situation

if(strlen(pass_new) >=13)
    syslog(LOG_AUTH|LOG_INFO, "new password at least 13 chars (%zu)", strlen(pass_new));
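
The advice in the reply above, written out as an added example (not code from this thread or from Linux-PAM): classify the new password by the thresholds given in the question (8 and 13) and record the result through syslog and a direct file append instead of system(). The function names, the record format and the caller-supplied log path are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* exposes O_NOFOLLOW and O_CLOEXEC */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Hypothetical names; the thresholds are the ones stated in the question. */
enum pw_class { PW_TOO_SHORT, PW_EXPIRES_90_DAYS, PW_NEVER_EXPIRES };

static enum pw_class classify_password(const char *pass_new)
{
    size_t len = pass_new ? strlen(pass_new) : 0;   /* NULL counts as empty */
    if (len < 8)
        return PW_TOO_SHORT;
    return len >= 13 ? PW_NEVER_EXPIRES : PW_EXPIRES_90_DAYS;
}

static const char *class_name(enum pw_class c)
{
    switch (c) {
    case PW_NEVER_EXPIRES:   return "never-expires";
    case PW_EXPIRES_90_DAYS: return "expires-90d";
    default:                 return "too-short";
    }
}

/*
 * Record the class for `user` via syslog and by appending to `path`.
 * No shell is started, a symlink at `path` is refused, a new file is created
 * 0600, and neither the password nor its exact length is written anywhere.
 * Returns 0 on success, -1 if the file record could not be written.
 */
static int record_class(const char *path, const char *user, enum pw_class c)
{
    char line[300];
    int n = (path && user)
          ? snprintf(line, sizeof line, "%s %s\n", user, class_name(c)) : -1;
    if (n < 0 || (size_t)n >= sizeof line)
        return -1;
    syslog(LOG_AUTH | LOG_INFO, "password class for %s: %s", user, class_name(c));
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    ssize_t w = write(fd, line, (size_t)n);
    return (close(fd) == 0 && w == (ssize_t)n) ? 0 : -1;
}
```

Inside the module itself, `pam_syslog(pamh, LOG_INFO, ...)`, which the posted function already uses, would take the place of the plain `syslog()` call.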

