From ddf3ac65b547f331400d235e64a1dddce8d42155 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 24 May 2012 13:40:24 +0200
Subject: pam_cracklib: Add enforce_for_root option.

modules/pam_cracklib/pam_cracklib.c (_pam_parse): Recognize the enforce_for_root option.
(pam_sm_chauthtok): Enforce errors for root with the option.
modules/pam_cracklib/pam_cracklib.8.xml: Document the enforce_for_root option.
---
 modules/pam_cracklib/pam_cracklib.8.xml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'modules/pam_cracklib/pam_cracklib.8.xml')

diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml
index 5022c753..7c0ae700 100644
--- a/modules/pam_cracklib/pam_cracklib.8.xml
+++ b/modules/pam_cracklib/pam_cracklib.8.xml
@@ -387,6 +387,20 @@
           </listitem>
         </varlistentry>
 
+        <varlistentry>
+          <term>
+            <option>enforce_for_root</option>
+          </term>
+          <listitem>
+            <para>
+              The module will return error on failed check also if the user
+              changing the password is root. This option is off by default
+              which means that just the message about the failed check is
+              printed but root can change the password anyway.
+            </para>
+          </listitem>
+        </varlistentry>
+
         <varlistentry>
           <term>
             <option>use_authtok</option>
-- 
cgit v1.2.3