Bad Penguin Logo
Advertisement

Solaris password history PDF Print E-mail
 

By TuxInvader, on 22-08-2006 07:01

Views : 3223

Published in : Technology, Solaris
Solaris 9 is a little confused when it comes to security. It implements some cool features likes roles, RBAC and BSM auditing, but doesn't include decent password strength or password history checks. Luckily Solaris 9 does include PAM so these things can be added as modules. 
 
Password cracking is easy, we just need to add a Solaris version of pam_cracklib, but I was unable to find a suitable module for password history. I decided to modify the pam_cracklib module  to include a password history check...
 
I modified a copy of the solaris friendly cracklib from sourceforge. It's currently at version 0.11 and has been for some time.
 
Download my modifed pam_cracklib ==>  Pam_Cracklib_with_history_checks
 
License: GNU GPL Version 2 
Copyright:  Krzysztof Majewski 2003 - 2006
Copyright:  (Password history modification) Mark Boddington 2006 
 
When you have extracted the archive you will want to change the constants.h file to settings suitable for your environment. You will want to chose a random two character salt for HISTORY_SALT and change the HIST_LENGTH to be the number of passwords you want to remember.
 
The old passwords are stored in /etc/security/pass-history unless you change the PASS_HISTORY constant.
 
Enjoy.

Last update : 20-10-2006 18:36

    

Users' Comments  
 

Display 1 of 1 comments
[+] Expand comment

technology Support Analyst

By: Jose Diaz () on 20-10-2007 21:54

[-] Collapse comment

technology Support Analyst

By: Jose Diaz on 20-10-2007 21:54

Hi Mark, 
 
Saludos desde Colombia. I've been looking for something like this and I already tried the Solaris friendly version from Sourceforge. However, with both versions I ran into a strange (at least for me) problem. The code compiles and links properly, ldd reports no missing dependecies, but when I try to use the module by invoking the passwd command I get the following error: 
 
Oct 20 15:43:59 myhost passwd[26599]: [ID 825731 user.error] dlsym failed pam_sm_authenticate: error ld.so.1: passwd: fatal: pam_sm_authenticate: can't find symbol 
 
I linked with both Solaris and GNU ld with the same result... tested in both Solaris 8 and 9. I even tested with cracklib 2.7 and 2.8.12 with the same result... 
 
I wonder if you can give me a hints to overcome this...  
Thanks in advance.

 

» Report this comment to administrator

» Reply to this comment...

Display 1 of 1 comments



Add your comment
[-] Hide form
Name
E-mail
Title  
 
Comment
 
Available characters: 600
 
  This image contains a scrambled text, it is using a combination of colors, font size, background, angle in order to disallow computer to automate reading. You will have to reproduce it to post on my homepage
Enter what you see:
   
   

< Prev   Next >
[ Back ]