Jo De Troy wrote: > Hi Nathan, Richard, > > I was thinking along the lines of pam_passwdqc, well part of it. > The password should contain at least 3 different character categories. > The categories being: lowercase, uppercase, special characters and numbers Yes, I'm working on implementing this. The minimum number of categories would be configurable by the administrator. > Not specifically a minumum number of uppercase/lowercase/... I'm making this configurable too. It'll be there, but you don't need to use it. > Off course there should be no user data in the password, it should not > even contain the username as a substring. But I think that code is > already in CVS. It's checking for cn, givenname, surname, ... attributes We currently check is the password is equal to uid, cn, sn, givenname, or ou. We do not check if it's a substring. I'm changing this behavior to check if it's a substring. > A dictionarry check would be nice but I would maybe make this optional. > I guess that if we make the rules too stringent the enduser may complain Default rules would be a minimum password length of 8 with a minimum of 3 character categories. It would also check the attribute values I mentioned above if thos values are 3 or more characters in length (this length would be configurable). It sounds like this would meet your requirements. -NGK > > Greetings, > Jo > >------------------------------------------------------------------------ > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > >
