Diffstat (limited to 'doc/man/pwquality.conf.5.pod')
-rw-r--r-- doc/man/pwquality.conf.5.pod 123
1 files changed, 123 insertions, 0 deletions
diff --git a/doc/man/pwquality.conf.5.pod b/doc/man/pwquality.conf.5.pod
new file mode 100644
index 0000000..94e61b6
--- /dev/null
+++ b/doc/man/pwquality.conf.5.pod
@@ -0,0 +1,123 @@
+=pod
+
+=head1 NAME
+
+pwquality.conf - configuration for the libpwquality library
+
+=head1 SYNOPSIS
+
+F</etc/security/pwquality.conf>
+
+F</etc/security/pwquality.conf.d/*.conf>
+
+=head1 DESCRIPTION
+
+B<pwquality.conf> provides a way to configure the default password
+quality requirements for the system passwords. This file is read by the
+libpwquality library and utilities that use this library for checking
+and generating passwords.
+
+The file has a very simple I<name = value> format with possible comments
+starting with C<#> character. The whitespace at the beginning of line, end
+of line, and around the C<=> sign is ignored.
+
+The libpwquality library also first reads all F<*.conf> files from the
+F</etc/security/pwquality.conf.d> directory in ASCII sorted order. The
+values of the same settings are overriden in the order the files are parsed.
+
+=head1 OPTIONS
+
+The possible options in the file are:
+
+=over 4
+
+=item B<difok>
+
+Number of characters in the new password that must not be present in the
+old password. (default 1)
+
+=item B<minlen>
+
+Minimum acceptable size for the new password (plus one if credits are not
+disabled which is the default). (See L<pam_pwquality(8)>.)
+Cannot be set to lower value than 6. (default 8)
+
+=item B<dcredit>
+
+The maximum credit for having digits in the new password. If less than 0
+it is the minimum number of digits in the new password. (default 0)
+
+=item B<ucredit>
+
+The maximum credit for having uppercase characters in the new password.
+If less than 0 it is the minimum number of uppercase characters in the new
+password. (default 0)
+
+=item B<lcredit>
+
+The maximum credit for having lowercase characters in the new password.
+If less than 0 it is the minimum number of lowercase characters in the new
+password. (default 0)
+
+=item B<ocredit>
+
+The maximum credit for having other characters in the new password.
+If less than 0 it is the minimum number of other characters in the new
+password. (default 0)
+
+=item B<minclass>
+
+The minimum number of required classes of characters for the new
+password (digits, uppercase, lowercase, others). (default 0)
+
+=item B<maxrepeat>
+
+The maximum number of allowed same consecutive characters in the new password.
+The check is disabled if the value is 0. (default 0)
+
+=item B<maxsequence>
+
+The maximum length of monotonic character sequences in the new password.
+Examples of such sequence are '12345' or 'fedcb'. Note
+that most such passwords will not pass the simplicity check unless
+the sequence is only a minor part of the password.
+The check is disabled if the value is 0. (default 0)
+
+=item B<maxclassrepeat>
+
+The maximum number of allowed consecutive characters of the same class in the
+new password.
+The check is disabled if the value is 0. (default 0)
+
+=item B<gecoscheck>
+
+If nonzero, check whether the words longer than 3 characters from the I<GECOS>
+field of the user's L<passwd(5)> entry are contained in the new password.
+The check is disabled if the value is 0. (default 0)
+
+=item B<dictcheck>
+
+If nonzero, check whether the password (with possible modifications)
+matches a word in a dictionary. Currently the dictionary check is performed
+using the cracklib library. (default 1)
+
+=item B<badwords>
+
+Space separated list of words that must not be contained in the password. These
+are additional words to the cracklib dictionary check. This setting can be
+also used by applications to emulate the gecos check for user accounts that are
+not created yet.
+
+=item B<dictpath>
+
+Path to the cracklib dictionaries. Default is to use the cracklib default.
+
+=back
+
+=head1 SEE ALSO
+
+L<pwscore(1)>, L<pwmake(1)>, L<pam_pwquality(8)>
+
+=head1 AUTHORS
+
+Tomas Mraz <tmraz@redhat.com>
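Review bot: The DESCRIPTION paragraph on F</etc/security/pwquality.conf.d> does not say which side wins when the same setting appears in both a drop-in file and the main file. "also first reads all F<*.conf> files" implies the drop-ins are parsed before /etc/security/pwquality.conf, so a value in the main file would replace one from a drop-in, but an administrator deploying a stricter policy as a drop-in could easily assume the opposite and end up with a weaker effective setting. Please state the precedence explicitly, for example with one sentence saying that settings in pwquality.conf are applied after, and override, those from the pwquality.conf.d files, if that is the intended behaviour. In the same paragraph "overriden" should be "overridden". Under minlen, "plus one if credits are not disabled which is the default" reads oddly next to dcredit, ucredit, lcredit and ocredit all listing "(default 0)"; say whether a credit value of 0 counts as disabled. badwords and dictpath should also use the "(default ...)" form the other items use, so that the empty default for badwords is visible.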