diff options
author | Tomas Mraz <tmraz@redhat.com> | 2015-07-16 13:36:04 +0200 |
---|---|---|
committer | Tomas Mraz <tmraz@redhat.com> | 2015-07-16 13:36:04 +0200 |
commit | b0810b9b2555fcf4870420688da8878260c0261c (patch) | |
tree | 84d3cf12451c84d76963f07f3df6ce762111e702 | |
parent | 3a1d0a80b71ac9e8babef7d992db3c8509d32889 (diff) | |
download | libpwquality-b0810b9b2555fcf4870420688da8878260c0261c.tar.gz |
Change the default settings.
difok = 1
*credits = 0
minlen = 8
-rw-r--r-- | doc/man/pam_pwquality.8 | 33 | ||||
-rw-r--r-- | doc/man/pwquality.conf.5 | 14 | ||||
-rw-r--r-- | src/pwqprivate.h | 16 | ||||
-rw-r--r-- | src/pwquality.conf | 12 |
4 files changed, 36 insertions, 39 deletions
diff --git a/doc/man/pam_pwquality.8 b/doc/man/pam_pwquality.8 index 5fd1af2..b1f35e3 100644 --- a/doc/man/pam_pwquality.8 +++ b/doc/man/pam_pwquality.8 @@ -4,7 +4,7 @@ .de FN \fI\|\\$1\|\fP .. -.TH PAM_PWQUALITY 8 "10 Nov 2011" "Red Hat, Inc." +.TH PAM_PWQUALITY 8 "16 Jul 2015" "Red Hat, Inc." .SH NAME pam_pwquality \- PAM module to perform password quality checking .SH SYNOPSIS @@ -50,7 +50,7 @@ by one argument, \fBdifok\fR which is a number of character changes (inserts, removals, or replacements) between the old and new password that are enough to accept the new -password\&. This defaults to 5 changes\&. +password\&. .RE .PP Simple @@ -119,7 +119,7 @@ times before returning with error\&. The default is \fBdifok=\fR\fB\fIN\fR\fR .RS 4 This argument will change the default of -\fI5\fR +\fI1\fR for the number of changes in the new password from the old password\&. .RE .PP @@ -133,7 +133,7 @@ of character (\fIother\fR, \fIlower\fR and \fIdigit\fR)\&. The default for this parameter is -\fI9\fR +\fI8\fR \&. Note that there is a pair of length limits also in \fICracklib\fR, which is used for dictionary checking, a "way too short" limit of 4 which @@ -150,9 +150,9 @@ digits, each digit will count +1 towards meeting the current \fBminlen\fR value\&. The default for \fBdcredit\fR -is 1 which is the recommended value for -\fBminlen\fR -less than 10\&. +is +\fI0\fR +which means there is no bonus for digits in password\&. .sp (N < 0) This is the minimum number of digits that must be met for a new password\&. @@ -168,10 +168,8 @@ upper case letters each letter will count +1 towards meeting the current value\&. The default for \fBucredit\fR is -\fI1\fR -which is the recommended value for -\fBminlen\fR -less than 10\&. +\fI0\fR +which means there is no bonus for upper case letters in password\&. .sp (N < 0) This is the minimum number of upper case letters that must be met for a new password\&. @@ -185,10 +183,9 @@ new password\&. If you have less than or lower case letters, each letter will count +1 towards meeting the current \fBminlen\fR value\&. The default for -\fBlcredit\fR -is 1 which is the recommended value for -\fBminlen\fR -less than 10\&. +is +\fI0\fR +which means there is no bonus for lower case letters in password\&. .sp (N < 0) This is the minimum number of lower case letters that must be met for a new password\&. @@ -203,9 +200,9 @@ other characters, each character will count +1 towards meeting the current \fBminlen\fR value\&. The default for \fBocredit\fR -is 1 which is the recommended value for -\fBminlen\fR -less than 10\&. +is +\fI0\fR +which means there is no bonus for other characters in password\&. .sp (N < 0) This is the minimum number of other characters that must be met for a new password\&. diff --git a/doc/man/pwquality.conf.5 b/doc/man/pwquality.conf.5 index 5eda65e..a2d2d70 100644 --- a/doc/man/pwquality.conf.5 +++ b/doc/man/pwquality.conf.5 @@ -4,7 +4,7 @@ .de FN \fI\|\\$1\|\fP .. -.TH PWQUALITY.CONF 5 "10 Nov 2011" "Red Hat, Inc." +.TH PWQUALITY.CONF 5 "16 Jul 2015" "Red Hat, Inc." .SH NAME pwquality.conf \- configuration for the libpwquality library .SH SYNOPSIS @@ -27,41 +27,41 @@ The possible options in the file are: \fBdifok\fR .RS 4 Number of characters in the new password that must not be present in the -old password. (default 5) +old password. (default 1) .RE .PP \fBminlen\fR .RS 4 Minimum acceptable size for the new password (plus one if credits are not disabled which is the default). (See \fIpam_pwquality(8)\fR.) -Cannot be set to lower value than 6. (default 9) +Cannot be set to lower value than 6. (default 8) .RE .PP \fBdcredit\fR .RS 4 The maximum credit for having digits in the new password. If less than 0 -it is the minimum number of digits in the new password. (default 1) +it is the minimum number of digits in the new password. (default 0) .RE .PP \fBucredit\fR .RS 4 The maximum credit for having uppercase characters in the new password. If less than 0 it is the minimum number of uppercase characters in the new -password. (default 1) +password. (default 0) .RE .PP \fBlcredit\fR .RS 4 The maximum credit for having lowercase characters in the new password. If less than 0 it is the minimum number of lowercase characters in the new -password. (default 1) +password. (default 0) .RE .PP \fBocredit\fR .RS 4 The maximum credit for having other characters in the new password. If less than 0 it is the minimum number of other characters in the new -password. (default 1) +password. (default 0) .RE .PP \fBminclass\fR diff --git a/src/pwqprivate.h b/src/pwqprivate.h index fa89baf..692fae6 100644 --- a/src/pwqprivate.h +++ b/src/pwqprivate.h @@ -1,8 +1,8 @@ /* * libpwquality internal header * - * Copyright (c) Red Hat, Inc, 2011 - * Copyright (c) Tomas Mraz <tm@t8m.info>, 2011 + * Copyright (c) Red Hat, Inc, 2011,2015 + * Copyright (c) Tomas Mraz <tm@t8m.info>, 2011, 2015 * * See the end of the file for the License Information */ @@ -34,12 +34,12 @@ struct setting_mapping { int type; }; -#define PWQ_DEFAULT_DIFF_OK 5 -#define PWQ_DEFAULT_MIN_LENGTH 9 -#define PWQ_DEFAULT_DIG_CREDIT 1 -#define PWQ_DEFAULT_UP_CREDIT 1 -#define PWQ_DEFAULT_LOW_CREDIT 1 -#define PWQ_DEFAULT_OTH_CREDIT 1 +#define PWQ_DEFAULT_DIFF_OK 1 +#define PWQ_DEFAULT_MIN_LENGTH 8 +#define PWQ_DEFAULT_DIG_CREDIT 0 +#define PWQ_DEFAULT_UP_CREDIT 0 +#define PWQ_DEFAULT_LOW_CREDIT 0 +#define PWQ_DEFAULT_OTH_CREDIT 0 #define PWQ_TYPE_INT 1 #define PWQ_TYPE_STR 2 diff --git a/src/pwquality.conf b/src/pwquality.conf index cec450f..75e8db8 100644 --- a/src/pwquality.conf +++ b/src/pwquality.conf @@ -3,31 +3,31 @@ # # Number of characters in the new password that must not be present in the # old password. -# difok = 5 +# difok = 1 # # Minimum acceptable size for the new password (plus one if # credits are not disabled which is the default). (See pam_cracklib manual.) # Cannot be set to lower value than 6. -# minlen = 9 +# minlen = 8 # # The maximum credit for having digits in the new password. If less than 0 # it is the minimum number of digits in the new password. -# dcredit = 1 +# dcredit = 0 # # The maximum credit for having uppercase characters in the new password. # If less than 0 it is the minimum number of uppercase characters in the new # password. -# ucredit = 1 +# ucredit = 0 # # The maximum credit for having lowercase characters in the new password. # If less than 0 it is the minimum number of lowercase characters in the new # password. -# lcredit = 1 +# lcredit = 0 # # The maximum credit for having other characters in the new password. # If less than 0 it is the minimum number of other characters in the new # password. -# ocredit = 1 +# ocredit = 0 # # The minimum number of required classes of characters for the new # password (digits, uppercase, lowercase, others). |