Error message

  • Deprecated function: implode(): Passing glue string after array is deprecated. Swap the parameters in drupal_get_feeds() (line 394 of /data03/toxictux/public_html/main/includes/common.inc).
  • Deprecated function: The each() function is deprecated. This message will be suppressed on further calls in menu_set_active_trail() (line 2405 of /data03/toxictux/public_html/main/includes/menu.inc).

Solaris password history

Solaris 9 is a little confused when it comes to security. It implements some cool features likes roles, RBAC and BSM auditing, but doesn't include decent password strength or password history checks. Luckily Solaris 9 does include PAM so these things can be added as modules. 
 
Password cracking is easy, we just need to add a Solaris version of pam_cracklib, but I was unable to find a suitable module for password history. I decided to modify the pam_cracklib module  to include a password history check...
 
I modified a copy of the solaris friendly cracklib from sourceforge. It's currently at version 0.11 and has been for some time.
 
Download my modifed pam_cracklib ==>  Pam_Cracklib_with_history_checks
 
License: GNU GPL Version 2 
Copyright:  Krzysztof Majewski 2003 - 2006
Copyright:  (Password history modification) Mark Boddington 2006 
 
When you have extracted the archive you will want to change the constants.h file to settings suitable for your environment. You will want to chose a random two character salt for HISTORY_SALT and change the HIST_LENGTH to be the number of passwords you want to remember.
 
The old passwords are stored in /etc/security/pass-history unless you change the PASS_HISTORY constant.
 
Enjoy.