Relevant BUGIDs: 413162

Purpose of commit: new feature Commit summary: --------------- pam_cracklib enhancements to make use of negative limits. Werner Puschitz gets brownie points for submitting documentation to match!
author: Andrew G. Morgan <morgan@kernel.org> 2001-06-24 22:54:05 +0000
committer: Andrew G. Morgan <morgan@kernel.org> 2001-06-24 22:54:05 +0000
commit: f97d55b623cd851283a42b9807292ce751029218 (patch)
tree: b8718a50eb322afbd65b142ec16f541dc840536d /doc
parent: d9f17b20fb20658e3eb3ff74a9eb635f14ba2d06 (diff)
download: pam-f97d55b623cd851283a42b9807292ce751029218.tar.gz
pam-f97d55b623cd851283a42b9807292ce751029218.tar.bz2
pam-f97d55b623cd851283a42b9807292ce751029218.zip
1 files changed, 48 insertions, 9 deletions
diff --git a/doc/modules/pam_cracklib.sgml b/doc/modules/pam_cracklib.sgml
index 97b284de..061a8a21 100644
--- a/doc/modules/pam_cracklib.sgml
+++ b/doc/modules/pam_cracklib.sgml
@@ -169,8 +169,9 @@ are different then the new password will be accepted anyway.
 
 <item> <tt/minlen=N/ -
 
-The minimum acceptable size for the new password plus one.  In
-addition to the number of characters in the new password, credit (of
+The minimum acceptable size for the new password (plus one if credits 
+are not disabled which is the default).
+In addition to the number of characters in the new password, credit (of
 +1 in length) is given for each different kind of character (<em>other,
 upper, lower</em> and <em/digit/).  The default for this parameter is
 9 which is good for a old style UNIX password all of the same type of
@@ -184,34 +185,39 @@ the crack library and then recompile this module.
 
 <item> <tt/dcredit=N/ -
 
-This is the maximum credit for having digits in the new password. If
+(N >= 0) This is the maximum credit for having digits in the new password. If
 you have less than or <tt/N/ digits, each digit will count +1 towards
 meeting the current <tt/minlen/ value.  The default for <tt/dcredit/
 is 1 which is the recommended value for <tt/minlen/ less than 10.
+(N < 0) This is the minimum number of digits that must be met for a new 
+password.
 
 <item> <tt/ucredit=N/ -
 
-This is the maximum credit for having upper case letters in the new
+(N >= 0) This is the maximum credit for having upper case letters in the new
 password.  If you have less than or <tt/N/ upper case letters each
 letter will count +1 towards meeting the current <tt/minlen/ value.
 The default for <tt/ucredit/ is 1 which is the recommended value for
-<tt/minlen/ less than 10.
+<tt/minlen/ less than 10. (N < 0) This is the minimum number of upper 
+case letters that must be met for a new password.
 
 <item> <tt/lcredit=N/ -
 
-This is the maximum credit for having lower case letters in the new
+(N >= 0) This is the maximum credit for having lower case letters in the new
 password.  If you have less than or <tt/N/ lower case letters, each
 letter will count +1 towards meeting the current <tt/minlen/ value.
 The default for <tt/lcredit/ is 1 which is the recommended value for
-<tt/minlen/ less than 10.
+<tt/minlen/ less than 10. (N < 0) This is the minimum number of lower 
+case letters that must be met for a new password.
 
 <item> <tt/ocredit=N/ -
 
-This is the maximum credit for having other characters in the new
+(N >= 0) This is the maximum credit for having other characters in the new
 password.  If you have less than or <tt/N/ other characters, each
 character will count +1 towards meeting the current <tt/minlen/ value.
 The default for <tt/ocredit/ is 1 which is the recommended value for
-<tt/minlen/ less than 10.
+<tt/minlen/ less than 10. (N < 0) This is the minimum number of other 
+characters that must be met for a new password.
 
 <item> <tt/use_authtok/ -
 
@@ -258,6 +264,39 @@ password  required pam_pwdb.so use_authtok nullok md5
 </verb>
 </tscreen>
 
+<p>
+And here is another example in case you don't want to use credits:
+<tscreen>
+<verb>
+#%PAM-1.0
+#
+# These lines require the user to select a password with a minimum
+# length of 8 and with at least 1 digit number, 1 upper case letter,
+# and 1 other character
+#
+password  required pam_cracklib.so \
+               dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
+password  required pam_pwdb.so use_authtok nullok md5
+</verb>
+</tscreen>
+
+<p>
+In this example we simply say that the password must have a minimum 
+length of 8:
+<tscreen>
+<verb>
+#%PAM-1.0
+#
+# These lines require the user to select a password with a mimimum
+# length of 8. He gets no credits and he is not forced to use
+# digit numbers, upper case letters etc.
+#
+password  required pam_cracklib.so \
+               dcredit=0 ucredit=0 ocredit=0 lcredit=0 minlen=8
+password  required pam_pwdb.so use_authtok nullok md5
+</verb>
+</tscreen>
+
 </descrip>
 
 <!--
author	Andrew G. Morgan <morgan@kernel.org>	2001-06-24 22:54:05 +0000
committer	Andrew G. Morgan <morgan@kernel.org>	2001-06-24 22:54:05 +0000
commit	f97d55b623cd851283a42b9807292ce751029218 (patch)
tree	b8718a50eb322afbd65b142ec16f541dc840536d /doc
parent	d9f17b20fb20658e3eb3ff74a9eb635f14ba2d06 (diff)
download	pam-f97d55b623cd851283a42b9807292ce751029218.tar.gz pam-f97d55b623cd851283a42b9807292ce751029218.tar.bz2 pam-f97d55b623cd851283a42b9807292ce751029218.zip