Remembering old passwords
Mikel Manitius
mikel at codas.att.com
Thu Feb 18 14:53:51 AEST 1988
In article <2178 at ttrdc.UUCP>, levy at ttrdc.UUCP (Daniel R. Levy) writes:
>
> Also -- if "passwd" unexpectedly refuses to let a user set a proposed password
> he has chosen, it would be a tipoff that he has stumbled over somebody else's
> current password.
This is why my original posting said that the old password table should
be indexed per user, so if the password is refused, then it can only
mean that THAT particular user used THAT particular password before.
This will also reduce the validation time, resulting in less calls
to crypt(3).
--
Mikel Manitius
mikel at codas.att.com
More information about the Comp.unix.wizards
mailing list