On Fri, Aug 20, 2004 at 05:24:10PM +1200, William Brower wrote: > This is re-opening an old thread (June 2004), but I now have > clarification on the language within the US Army Regulation 25-2 > regarding required password strength. I appreciate this, thanks. > Given this requirement, would there be any consideration given by the > pam_passwdqc maintainers to modify the tool to help us enforce AR25-2 ? > Specifically, pam_passwdqc would have to be able to require N characters > from a given character set, as opposed to 0 or 1 as it now does. Yes, I'll consider this enhancement, although I find this requirement of AR25-2 unreasonable. But no promises yet. I'd need to find some "spare" time for this (unless your organization would be willing to sponsor the next release of pam_passwdqc :-) ), I'd need to make a determination of whether I do the minimum to satisfy the regulation or whether I implement something more generic, and I'd need to come up with a good name and syntax for the command-line option. -- Alexander _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list