Issue #702 has been updated by Clément OUDOT. Category set to OpenLDAP check password
Hi, minPoints and the other are not the same. You can for example have this configuration: <pre> minPoints 3 useCracklib 0 minUpper 2 minLower 0 minDigit 1 minPunct 0 </pre> This means you do not require lower character, but user can use them if he wants. He should at least use 2 upper and 1 digit, but for example, this password match: AB1CD2EF3! ---------------------------------------- Bug #702: check_password.c not clear about minimum characters http://tools.lsc-project.org/issues/702 Author: Enrico Cavalli Status: New Priority: Normal Assigned to: Category: OpenLDAP check password Target version: At least for me, the check_password module is not very clear about minimum characters requested per class. For instance minLower=0 or minLower=1 has the same effect (so the first occurrence of a lower case character scores +1 quality point). How about changing the code like this? if ( minLower && islower(pPasswd[i]) ) This way a minLower=0 means that lower case letters do not contribute to complexity, independently of their quantity.... The same of course for uppercase, numbers, and punctuation. This is just a suggestion which comes from my understanding of the inner working of the module. It may be just a very stupid idea! Thank you anyway, Enrico. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
