Use passwdqc; it is in packages.

In login.conf under default I have:
        :minpasswordlen=12:\
        :login-tries=4:\
        :passwordtries=3:\
        :passwordcheck=/usr/local/libexec/passwdqc -3 12

Mark


On Tue, Oct 12, 2010 at 8:46 PM, Brad Tilley <[email protected]> wrote:

> I was experimenting with a program to meet PCI DSS 1.2 password length
> and content/complexity requirements and integrating it with login.conf
> for users who have shell access to OpenBSD systems. It seems to work as
> expected, but I wanted to run my configuration by misc.
>
> I appended the following two lines to the end of both default and staff
> in login.conf. Look OK?
>
> :passwordcheck=/path/to/program:\
> :passwordtries=0:
>
> I understand that it would be easy (and redundant) to use minpasswordlen
> to meet the length requirement, but it's easy to check that in the
> program itself.
>
> Brad

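The passwordcheck hook discussed in this thread hands the candidate password to the named program on stdin and treats exit status 0 as accept and 1 as reject (login.conf(5)). A minimal checker for that contract, as an added example that is neither Brad's program nor passwdqc; the name check_password and the policy (at least 7 characters, containing both letters and digits) are assumptions:

```c
/* Added example: minimal login.conf passwordcheck helper (hypothetical). */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MIN_LEN 7   /* assumed policy value; adjust to your standard */

/* Return 0 if pw is acceptable, 1 otherwise (mirrors the exit status). */
int check_password(const char *pw)
{
    size_t len = strlen(pw);
    int alpha = 0, digit = 0;

    if (len < MIN_LEN)
        return 1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)pw[i];
        if (isalpha(c))
            alpha = 1;
        else if (isdigit(c))
            digit = 1;
    }
    return (alpha && digit) ? 0 : 1;
}

int main(void)
{
    char buf[1024];
    int rc;

    /* The caller writes the candidate password to our stdin. */
    if (fgets(buf, sizeof(buf), stdin) == NULL)
        return 1;                       /* no input: fail closed */
    buf[strcspn(buf, "\r\n")] = '\0';   /* drop the line terminator */

    rc = check_password(buf);
    if (rc != 0)
        fprintf(stderr, "Password needs %d+ characters with letters and digits.\n",
            MIN_LEN);

    /* Best-effort wipe; volatile keeps the compiler from eliding it. */
    volatile char *p = buf;
    for (size_t i = 0; i < sizeof(buf); i++)
        p[i] = 0;
    return rc;
}
```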