Join Log in
Score:0
juwonlona avatar Server

how to configure passwd/pam.d to confirm new password 3 or more times when changing password with passwd

cn flag
juwonlona

I am looking to reconfigure my pam.d to prompt for new password confirmation 3 times when using passwd to change password.

I have tried to duplicate the unix.so line in password-auth and system-auth like this

password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok

and like this

password    required    pam_unix.so shadow nullok try_first_pass
password    required    pam_unix.so shadow nullok try_first_pass
password    required    pam_unix.so shadow nullok try_first_pass

and many more variations of the above configuration in password-auth & system-auth files but these does not effect much changes as I expect, the confirmation still prompts twice but sometimes return an "error manipulation token" error.

Please what (what parameters) do I need to do to control how many times users will be prompted to confirm new password when using passwd Thanks.

128
0 + 1
pam
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
I am afraid it is not possible, at least not with `pam_unix`. Please read [man 3 pam_get_authtok](https://man7.org/linux/man-pages/man3/pam_get_authtok.3.html) for clarification (yes, that's PAM API documentation; sometimes you even need to refer to [the source](https://github.com/linux-pam/linux-pam/blob/master/modules/pam_unix/pam_unix_passwd.c) when nothing helps). In short, PAM only supports one confirmation of the password token: this function asks for new passwords strictly twice. There is no configurable parameter to alter this behaviour.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.