diff options
author | Tomas Mraz <tmraz@redhat.com> | 2012-06-29 11:01:20 +0200 |
---|---|---|
committer | Tomas Mraz <tmraz@redhat.com> | 2012-06-29 11:01:20 +0200 |
commit | 6d66fc29db2f4739884f027d5942a9fe61d0a69e (patch) | |
tree | 4dafbe29f2905028dec3292c645349deba067d55 /doc | |
parent | 340c850953c3a8b36cd809412e96a0c5bfd052fb (diff) | |
download | libpwquality-6d66fc29db2f4739884f027d5942a9fe61d0a69e.tar.gz |
Add maxsequence check for too long monotonic character sequence.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man/pam_pwquality.8 | 26 | ||||
-rw-r--r-- | doc/man/pwquality.conf.5 | 9 |
2 files changed, 30 insertions, 5 deletions
diff --git a/doc/man/pam_pwquality.8 b/doc/man/pam_pwquality.8 index b8269de..863480f 100644 --- a/doc/man/pam_pwquality.8 +++ b/doc/man/pam_pwquality.8 @@ -27,7 +27,7 @@ new authentication token\&. The strength checks works in the following manner: at first the \fBCracklib\fR routine is called to check if the password is part of a dictionary; if this -is not the case an additional set of strength checks are done\&. These checks +is not the case an additional set of strength checks is done\&. These checks are: .PP Palindrome @@ -45,14 +45,16 @@ Similar Is the new password too much like the old one? This is primarily controlled by one argument, \fBdifok\fR -which is a number of changes between the old and new are enough to accept -the new password\&. +which is a number of character changes (inserts, removals, or replacements) +between the old and new password that are enough to accept the new +password\&. This defaults to 5 changes\&. .RE .PP Simple .RS 4 -Is the new password too small? This is controlled by 5 arguments +Is the new password too small? This is controlled by 6 arguments \fBminlen\fR, +\fBmaxclassrepeat\fR, \fBdcredit\fR, \fBucredit\fR, \fBlcredit\fR, and @@ -70,9 +72,14 @@ Same consecutive characters Optional check for same consecutive characters\&. .RE .PP +Too long monotonic character sequence +.RS 4 +Optional check for too long monotonic character sequence\&. +.RE +.PP Contains user name .RS 4 -Optional check whether the password contains the user name in some form\&. +Optional check whether the password contains the user\*(Aqs name in some form\&. .RE .PP These checks are configurable either by use of the module arguments @@ -217,6 +224,15 @@ Reject passwords which contain more than N same consecutive characters\&. The default is 0 which means that this check is disabled\&. .RE .PP +\fBmaxsequence=\fR\fB\fIN\fR\fR +.RS 4 +Reject passwords which contain monotonic character sequences longer than N\&. +The default is 0 which means that this check is disabled\&. +Examples of such sequence are \*(Aq12345\*(Aq or \*(Aqfedcb\*(Aq\&. Note that +most such passwords will not pass the simplicity check unless the sequence +is only a minor part of the password\&. +.RE +.PP \fBmaxclassrepeat=\fR\fB\fIN\fR\fR .RS 4 Reject passwords which contain more than N consecutive characters of the diff --git a/doc/man/pwquality.conf.5 b/doc/man/pwquality.conf.5 index 050d4eb..5302e50 100644 --- a/doc/man/pwquality.conf.5 +++ b/doc/man/pwquality.conf.5 @@ -73,6 +73,15 @@ The maximum number of allowed same consecutive characters in the new password. The check is disabled if the value is 0. (default 0) .RE .PP +\fBmaxsequence\fR +.RS 4 +The maximum length of monotonic character sequences in the new password. +Examples of such sequence are \*(Aq12345\*(Aq or \*(Aqfedcb\*(Aq\&. Note +that most such passwords will not pass the simplicity check unless +the sequence is only a minor part of the password. +The check is disabled if the value is 0. (default 0) +.RE +.PP \fBmaxclassrepeat\fR .RS 4 The maximum number of allowed consecutive characters of the same class in the |