diff options
Diffstat (limited to 'doc/modules/pam_cracklib.sgml')
-rw-r--r-- | doc/modules/pam_cracklib.sgml | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/doc/modules/pam_cracklib.sgml b/doc/modules/pam_cracklib.sgml index f5b2359a..031a440e 100644 --- a/doc/modules/pam_cracklib.sgml +++ b/doc/modules/pam_cracklib.sgml @@ -70,12 +70,19 @@ Is the new password the the old one with only a change of case? <item> <bf/Similar/ - -Is the new password too much like the old one? This is controlled -by one argument, <tt/difok/ which is a number of characters that if -different between the old and new are enough to accept the new +Is the new password too much like the old one? This is primarily +controlled by one argument, <tt/difok/ which is a number of characters +that if different between the old and new are enough to accept the new password, this defaults to 10 or 1/2 the size of the new password whichever is smaller. +To avoid the lockup associated with trying to change a long and +complicated password, <tt/difignore/ is available. This argument can +be used to specify the minimum length a new password needs to be +before the <tt/difok/ value is ignored. The default value for +<tt/difignore/ is 23. + + <item> <bf/Simple/ - Is the new password too small? This is controlled by 5 arguments |