Issue #702 has been updated by David Coutadeur.
I disagree. This is not a bug, but indeed the way min* are working are not easy to understand and fulfill a very precise working case. minDigit = 1 does NOT mean that you must have 1 digit at minimum, but it means that, for having 1 point, you MUST have at least 1 digit. As a consequence, in password module, there is currently no way to indicate a minimum number of a certain character class. This functionnality has never been provided. More: the module architecture is not built to support this. This is why - among other reasons - I have a created a new module: ppm (password policy module), which you can find here: http://ltb-project.org/wiki/documentation/openldap-rpm https://github.com/davidcoutadeur/ppm Code source and packages for Debian / Red-Hat are available. ---------------------------------------- Bug #702: check_password.c not clear about minimum characters http://tools.lsc-project.org/issues/702 Author: Enrico Cavalli Status: New Priority: Normal Assigned to: Category: OpenLDAP check password Target version: openldap-check-password-? At least for me, the check_password module is not very clear about minimum characters requested per class. For instance minLower=0 or minLower=1 has the same effect (so the first occurrence of a lower case character scores +1 quality point). How about changing the code like this? if ( minLower && islower(pPasswd[i]) ) This way a minLower=0 means that lower case letters do not contribute to complexity, independently of their quantity.... The same of course for uppercase, numbers, and punctuation. This is just a suggestion which comes from my understanding of the inner working of the module. It may be just a very stupid idea! Thank you anyway, Enrico. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
