Results 1 to 1 of 1
I have my pam.d setup on my RHEL 4.6 machines. I set up the system-auth with the following line: password required pam_unix.so nullok use_authtok md5 shadow \ remember=5 I just ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 03-07-2008 #1
- Join Date
- Mar 2008
Need help with pam_unix.so nullok param
password required pam_unix.so nullok use_authtok md5 shadow \
I just need somebody to tell me that I am all wet or that I understand it correctly.
My understanding is that if a password for Joe expires, the /etc/shadow file drops the encrytped password for Joe, essentially, Joe has no password. BUT
when Joe tries to login, pam_unix.so sees that Joe has an account (/etc/passwd) but his encrypted password field in /etc/shadow is null. Joe is then allowed to enter a new password which must pass the pam_cracklib.so parameters (use_authtok). If there was no nullok, then Joe would not be identified as a valid user with an expired password and would not be allowed to choose a new password.
So is that correct or am I dreaming?