This discussion is archived
6 Replies Latest reply: May 27, 2013 1:22 PM by user9225014 RSS

/etc/default/passwd mindiff parameter

user9225014 Newbie
Currently Being Moderated
Hello
Im not expert in solaris so , Could any explain me, why i can set "2013LofMeOnMay" as my new password if my old password was "2013LogMeOnMay", please?
may be i am making an mistake ? Is possible that MINDIFF parameter doesnt work properly ?
the MINDIFF between two pasword is equal 1?

See my /etc/default/passwd configuration bellow
#MAXWEEKS=
#MINWEEKS=
PASSLENGTH=8
NAMECHECK=YES
HISTORY=10
MINDIFF=3
MINALPHA=2
MINNONALPHA=1
MINUPPER=1
MINLOWER=1
MAXREPEATS=0
#MINSPECIAL=0
#MINDIGIT=0
WHITESPACE=YES
#DICTIONLIST=
#DICTIONDBDIR=/var/passwd

-----
# uname -a
SunOS Solaris01 5.10 Generic_147441-01 i86pc i386 i86pc


Thank you,
Regards.
Franco Avila,
  • 1. Re: /etc/default/passwd mindiff parameter
    Reidod Explorer
    Currently Being Moderated
    Hello,

    Can you post the output of this command:

    #grep passwd /etc/nsswitch.conf

    Regards,
    Rei
  • 2. Re: /etc/default/passwd mindiff parameter
    abrante Pro
    Currently Being Moderated
    Could be related to your PASSLENGHT being 8, so you are only using 8 character passwords, maybe its comparing

    "2013LofMe" with "2013LogMeOnMay" or the other way around. Try increasing your PASSLENGTH and then set a new password and try it again.

    .7/M.
  • 3. Re: /etc/default/passwd mindiff parameter
    user9225014 Newbie
    Currently Being Moderated
    Hi Rei,
    Heres the output command:

    $grep passwd /etc/nsswitch.conf

    passwd: files


    Could you tell me a "MINDIFF" definition with more details that manual of passwd

    "Minimum differences required between an old and a new password. If MINDIFF is not set, the default is 3."

    Thank you,
    Regards,
    Franco.
  • 4. Re: /etc/default/passwd mindiff parameter
    user9225014 Newbie
    Currently Being Moderated
    Hi Abrante
    I followed the next steps:
    1- Change "PASSLENGTH" parameter with value 14 (only this parameter the rest of them are equals)
    2- Reboot Solaris
    3- Set intial password with value "9RunForrestRon"
    4- The next attemp i can set a new password with value "9RumForrestRon", so why i can set password with a mindiff=1?

    Could you tell me a "MINDIFF" definition with more details that manual of passwd

    "Minimum differences required between an old and a new password. If MINDIFF is not set, the default is 3."

    Thank you,
    Regards,
    Franco.
  • 5. Re: /etc/default/passwd mindiff parameter
    abrante Pro
    Currently Being Moderated
    MINDIFF tells Solaris how much difference there must be (in characters) between the old password and the new password.


    If you set it to 1, you tell the OS that a user must change, at a minimum, one character in their password when they change it.

    The difference between the two passwords you gave me in your last example..:
    9RunForrestRon
    9RumForrestRon

    .. is exactly one character, so it should be ok.

    However, if you would set MINPASS to a value greater than 1, this shouldn't have worked..



    .7/M.
  • 6. Re: /etc/default/passwd mindiff parameter
    user9225014 Newbie
    Currently Being Moderated
    Hi Abrate,
    The test that i posted was a with mindiff=3 (all parameter values are the same that i published in this thread except Passlength). If i follow your mindiff definition, this case refutes the definition (last posted), but i agree with when you said that this change should not work. Probably this is a bug on Solaris Password Policy. Maybe the mindiff parameter is conditional with other parameter or maybe i omitted a configuration of system. Could you tell me where i locate the Solaris code that validate the "string" password with password policy configuration?.

    Thank you for your help,
    My best regards,
    Franco.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points