pam_authtok_check(7)
Standards, Environments, Macros, Character Sets, and miscellany
pam_authtok_check(7)
NAME
pam_authtok_check - authentication and password management module
SYNOPSIS
pam_authtok_check.so.1
DESCRIPTION
pam_authtok_check provides functionality to the Password Management
stack. The implementation of pam_sm_chauthtok() performs a number of
checks on the construction of the newly entered password.
pam_sm_chauthtok() is invoked twice by the PAM framework, once with
flags set to PAM_PRELIM_CHECK, and once with flags set to
PAM_UPDATE_AUTHTOK. This module only performs its checks during the
first invocation. This module expects the current authentication token
in the PAM_OLDAUTHTOK item, the new (to be checked) password in the
PAM_AUTHTOK item, and the login name in the PAM_USER item. The checks
performed by this module are:

length            The password length should not be less than the
                  minimum specified in /etc/default/passwd.

circular shift    The password should not be a circular shift of the
                  login name. This check may be disabled in
                  /etc/default/passwd.

complexity        The password should contain at least the minimum
                  number of characters described by the parameters
                  MINALPHA, MINNONALPHA, MINDIGIT, and MINSPECIAL.
                  Note that MINNONALPHA describes the same character
                  classes as MINDIGIT and MINSPECIAL combined;
                  therefore the user cannot specify both MINNONALPHA
                  and MINSPECIAL (or MINDIGIT). The user must choose
                  which of the two options to use. Furthermore, the
                  WHITESPACE parameter determines whether whitespace
                  characters are allowed. If unspecified, MINALPHA is
                  2, MINNONALPHA is 1, and WHITESPACE is yes.

variation         The old and new passwords must differ by at least
                  the MINDIFF value specified in /etc/default/passwd.
                  If unspecified, the default is 3. For accounts in
                  name services which support password history
                  checking, if prior history is defined, the new
                  password must not match the prior passwords.

dictionary check  The password must not be based on a dictionary
                  word. The list of words to be used for the site's
                  dictionary can be specified with DICTIONLIST. It
                  should contain a comma-separated list of filenames.
                  The database that is created from these files is
                  stored in the directory named by DICTIONDBDIR
                  (defaults to /var/passwd). See mkpwdict(8) for
                  information on the dictionary format and on
                  pre-generating the database. If neither DICTIONLIST
                  nor DICTIONDBDIR is specified, no dictionary check
                  is made. DICTIONMINWORDLENGTH is used to filter
                  words from DICTIONLIST shorter than the specified
                  minimum word length.

upper/lowercase   The password must contain at least the minimum
                  number of uppercase and lowercase letters specified
                  by the MINUPPER and MINLOWER values in
                  /etc/default/passwd. If unspecified, the defaults
                  are 0.

maximum repeats   The password must not contain more consecutively
                  repeating characters than specified by the
                  MAXREPEATS value in /etc/default/passwd. If
                  unspecified, no repeat character check is made.

The following options may be passed to the module:

force_check       If the PAM_NO_AUTHTOK_CHECK flag is set, force_check
                  ignores this flag. The PAM_NO_AUTHTOK_CHECK flag can
                  be set to bypass password checks (see
                  pam_chauthtok(3PAM)).

server_policy     If the account authority for the user, as specified
                  by PAM_USER, is not files or NIS, and if
                  server_policy is specified, this module does not
                  perform any password-strength checks. Instead, it
                  leaves it to the account authority to validate the
                  new password against its own set of rules.

debug             syslog(3C) debugging information at the LOG_DEBUG
                  level
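
The following is an added example, not part of the original manual page and not the module's own code: a Python sketch that parses /etc/default/passwd-style settings, flags the MINNONALPHA versus MINDIGIT/MINSPECIAL conflict, and applies the circular shift, complexity, upper/lowercase, whitespace and maximum repeats rules as worded above. The function names, the sample file, and the points marked "assumption" are illustrative; the real module may count characters differently.

```python
import itertools

# Defaults stated on this page; parameters with no stated default are absent.
DEFAULTS = {"MINALPHA": 2, "MINNONALPHA": 1, "MINUPPER": 0, "MINLOWER": 0}

def parse_policy(text):  # KEY=VALUE lines; '#' starts a comment
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def check(cfg, user, pw):
    """Return the list of failed rules; an empty list means the password passes."""
    split = [k for k in ("MINDIGIT", "MINSPECIAL") if k in cfg]
    if "MINNONALPHA" in cfg and split:  # the page forbids combining these
        return ["config: MINNONALPHA conflicts with " + "/".join(split)]
    need = {k: int(v) for k, v in cfg.items() if v.isdigit()}
    for k, v in DEFAULTS.items():
        if k == "MINNONALPHA" and split:
            continue  # assumption: the digit/special split replaces the default
        need.setdefault(k, v)
    have = {
        "MINALPHA": sum(c.isalpha() for c in pw),
        "MINNONALPHA": sum(not c.isalpha() for c in pw),
        "MINDIGIT": sum(c.isdigit() for c in pw),
        "MINSPECIAL": sum(not c.isalnum() for c in pw),  # assumption: spaces count
        "MINUPPER": sum(c.isupper() for c in pw),
        "MINLOWER": sum(c.islower() for c in pw),
    }
    failed = [k for k in have if have[k] < need.get(k, 0)]
    if cfg.get("WHITESPACE", "yes").lower() == "no" and any(c.isspace() for c in pw):
        failed.append("WHITESPACE")
    longest = max((len(list(g)) for _, g in itertools.groupby(pw)), default=0)
    if need.get("MAXREPEATS") and longest > need["MAXREPEATS"]:  # assumption: 0 = off
        failed.append("MAXREPEATS")
    if user and len(pw) == len(user) and pw in user + user:  # assumption: exact case
        failed.append("circular shift")
    return failed

SAMPLE = """# constructed sample, not a real system's file
MINDIGIT=1
MINSPECIAL=1
MINUPPER=1
MAXREPEATS=2
WHITESPACE=NO
"""
```

Running check(parse_policy(SAMPLE), "alice", "licea") reports the rotated login name together with the missing digit, special and uppercase characters. Length, variation and dictionary checks are left out of the sketch.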
RETURN VALUES
If the password in PAM_AUTHTOK passes all tests, PAM_SUCCESS is
returned. If any of the tests fail, PAM_AUTHTOK_ERR is returned.
FILES
/etc/default/passwd See passwd(1) for a description of the contents.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE         ATTRIBUTE VALUE
---------------------  -----------------------
Interface Stability    Committed
MT Level               MT-Safe with exceptions

SEE ALSO
passwd(1), syslog(3C), libpam(3LIB), pam(3PAM), pam_chauthtok(3PAM),
pam.conf(5), passwd(5), shadow(5), attributes(7), pam_authtok_get(7),
pam_authtok_store(7), pam_dhkeys(7), pam_passwd_auth(7),
pam_unix_account(7), pam_unix_auth(7), pam_unix_session(7), mkpwdict(8)
NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within
the multi-threaded application uses its own PAM handle.
Oracle Solaris 11.4 11 May 2021 pam_authtok_check(7)