Relevant BUGIDs: 115055

Purpose of commit: bugfix

Commit summary:
---------------
fixed the bogus logic in 'similiar' (renamed it to similar) and
documented the new override argument: difignore.

1 files changed, 10 insertions, 3 deletions

diff --git a/doc/modules/pam_cracklib.sgml b/doc/modules/pam_cracklib.sgml
index f5b2359a..031a440e 100644
--- a/doc/modules/pam_cracklib.sgml
+++ b/doc/modules/pam_cracklib.sgml
@@ -70,12 +70,19 @@ Is the new password the the old one with only a change of case?
 
 <item> <bf/Similar/ -
 
-Is the new password too much like the old one?  This is controlled
-by one argument, <tt/difok/ which is a number of characters that if
-different between the old and new are enough to accept the new
+Is the new password too much like the old one?  This is primarily
+controlled by one argument, <tt/difok/ which is a number of characters
+that if different between the old and new are enough to accept the new
 password, this defaults to 10 or 1/2 the size of the new password
 whichever is smaller.
 
+To avoid the lockup associated with trying to change a long and
+complicated password, <tt/difignore/ is available. This argument can
+be used to specify the minimum length a new password needs to be
+before the <tt/difok/ value is ignored. The default value for
+<tt/difignore/ is 23.
+
+
 <item> <bf/Simple/ -
 
 Is the new password too small?  This is controlled by 5 arguments