diff options
author | Sam Hartman <hartmans@debian.org> | 2023-09-11 14:00:42 -0600 |
---|---|---|
committer | Sam Hartman <hartmans@debian.org> | 2024-04-08 16:35:07 -0600 |
commit | bfbc862fc57c61bb8c1775113ad7ab0b29780fd8 (patch) | |
tree | 4adfe57f31060e4055a85949e396525eacb7743f /modules/pam_unix/pam_unix.8.xml | |
parent | 6d8c5e2a968a27447b1c5c0832c5d69b24d6c48b (diff) |
pam_unix: obscure checks
* Bring in the obscure checks that used to live in shadow so we can still support them
* Set default minimum password length to 6
Gbp-Pq: Name 0003-pam_unix-obscure-checks.patch
Diffstat (limited to 'modules/pam_unix/pam_unix.8.xml')
-rw-r--r-- | modules/pam_unix/pam_unix.8.xml | 77 |
1 files changed, 75 insertions, 2 deletions
diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index dfc04274..4e63a496 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -397,8 +397,81 @@ <listitem> <para> Set a minimum password length of <replaceable>n</replaceable> - characters. The max. for DES crypt based passwords are 8 - characters. + characters. The default value is 6. The maximum for DES + crypt-based passwords is 8 characters. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>obscure</option> + </term> + <listitem> + <para> + Enable some extra checks on password strength. These checks + are based on the "obscure" checks in the original shadow + package. The behavior is similar to the pam_cracklib + module, but for non-dictionary-based checks. The following + checks are implemented: + <variablelist> + <varlistentry> + <term> + <option>Palindrome</option> + </term> + <listitem> + <para> + Verifies that the new password is not a palindrome + of (i.e., the reverse of) the previous one. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>Case Change Only</option> + </term> + <listitem> + <para> + Verifies that the new password isn't the same as the + old one with a change of case. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>Similar</option> + </term> + <listitem> + <para> + Verifies that the new password isn't too much like + the previous one. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>Simple</option> + </term> + <listitem> + <para> + Is the new password too simple? This is based on + the length of the password and the number of + different types of characters (alpha, numeric, etc.) + used. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>Rotated</option> + </term> + <listitem> + <para> + Is the new password a rotated version of the old + password? (E.g., "billy" and "illyb") + </para> + </listitem> + </varlistentry> + </variablelist> </para> </listitem> </varlistentry> |