Change the default settings.

difok = 1
*credits = 0
minlen = 8

4 files changed, 36 insertions, 39 deletions

diff --git a/doc/man/pam_pwquality.8 b/doc/man/pam_pwquality.8
index 5fd1af2..b1f35e3 100644
--- a/doc/man/pam_pwquality.8
+++ b/doc/man/pam_pwquality.8
@@ -4,7 +4,7 @@
 .de FN
 \fI\|\\$1\|\fP
 ..
-.TH PAM_PWQUALITY 8 "10 Nov 2011" "Red Hat, Inc."
+.TH PAM_PWQUALITY 8 "16 Jul 2015" "Red Hat, Inc."
 .SH NAME
 pam_pwquality \- PAM module to perform password quality checking
 .SH SYNOPSIS
@@ -50,7 +50,7 @@ by one argument,
 \fBdifok\fR
 which is a number of character changes (inserts, removals, or replacements)
 between the old and new password that are enough to accept the new
-password\&. This defaults to 5 changes\&.
+password\&.
 .RE
 .PP
 Simple
@@ -119,7 +119,7 @@ times before returning with error\&. The default is
 \fBdifok=\fR\fB\fIN\fR\fR
 .RS 4
 This argument will change the default of
-\fI5\fR
+\fI1\fR
 for the number of changes in the new password from the old password\&.
 .RE
 .PP
@@ -133,7 +133,7 @@ of character (\fIother\fR,
 \fIlower\fR
 and
 \fIdigit\fR)\&. The default for this parameter is
-\fI9\fR
+\fI8\fR
 \&. Note that there is a pair of length limits also in
 \fICracklib\fR,
 which is used for dictionary checking, a "way too short" limit of 4 which
@@ -150,9 +150,9 @@ digits, each digit will count +1 towards meeting the current
 \fBminlen\fR
 value\&. The default for
 \fBdcredit\fR
-is 1 which is the recommended value for
-\fBminlen\fR
-less than 10\&.
+is
+\fI0\fR
+which means there is no bonus for digits in password\&.
 .sp
 (N < 0) This is the minimum number of digits that must be met for a new
 password\&.
@@ -168,10 +168,8 @@ upper case letters each letter will count +1 towards meeting the current
 value\&. The default for
 \fBucredit\fR
 is
-\fI1\fR
-which is the recommended value for
-\fBminlen\fR
-less than 10\&.
+\fI0\fR
+which means there is no bonus for upper case letters in password\&.
 .sp
 (N < 0) This is the minimum number of upper case letters that must be met
 for a new password\&.
@@ -185,10 +183,9 @@ new password\&. If you have less than or
 lower case letters, each letter will count +1 towards meeting the current
 \fBminlen\fR
 value\&. The default for
-\fBlcredit\fR
-is 1 which is the recommended value for
-\fBminlen\fR
-less than 10\&.
+is
+\fI0\fR
+which means there is no bonus for lower case letters in password\&.
 .sp
 (N < 0) This is the minimum number of lower case letters that must be met
 for a new password\&.
@@ -203,9 +200,9 @@ other characters, each character will count +1 towards meeting the current
 \fBminlen\fR
 value\&. The default for
 \fBocredit\fR
-is 1 which is the recommended value for
-\fBminlen\fR
-less than 10\&.
+is
+\fI0\fR
+which means there is no bonus for other characters in password\&.
 .sp
 (N < 0) This is the minimum number of other characters that must be met for
 a new password\&.
diff --git a/doc/man/pwquality.conf.5 b/doc/man/pwquality.conf.5
index 5eda65e..a2d2d70 100644
--- a/doc/man/pwquality.conf.5
+++ b/doc/man/pwquality.conf.5
@@ -4,7 +4,7 @@
 .de FN
 \fI\|\\$1\|\fP
 ..
-.TH PWQUALITY.CONF 5 "10 Nov 2011" "Red Hat, Inc."
+.TH PWQUALITY.CONF 5 "16 Jul 2015" "Red Hat, Inc."
 .SH NAME
 pwquality.conf \- configuration for the libpwquality library
 .SH SYNOPSIS
@@ -27,41 +27,41 @@ The possible options in the file are:
 \fBdifok\fR
 .RS 4
 Number of characters in the new password that must not be present in the
-old password. (default 5)
+old password. (default 1)
 .RE
 .PP
 \fBminlen\fR
 .RS 4
 Minimum acceptable size for the new password (plus one if credits are not
 disabled which is the default). (See \fIpam_pwquality(8)\fR.)
-Cannot be set to lower value than 6. (default 9)
+Cannot be set to lower value than 6. (default 8)
 .RE
 .PP
 \fBdcredit\fR
 .RS 4
 The maximum credit for having digits in the new password. If less than 0
-it is the minimum number of digits in the new password. (default 1)
+it is the minimum number of digits in the new password. (default 0)
 .RE
 .PP
 \fBucredit\fR
 .RS 4
 The maximum credit for having uppercase characters in the new password.
 If less than 0 it is the minimum number of uppercase characters in the new
-password. (default 1)
+password. (default 0)
 .RE
 .PP
 \fBlcredit\fR
 .RS 4
 The maximum credit for having lowercase characters in the new password.
 If less than 0 it is the minimum number of lowercase characters in the new
-password. (default 1)
+password. (default 0)
 .RE
 .PP
 \fBocredit\fR
 .RS 4
 The maximum credit for having other characters in the new password.
 If less than 0 it is the minimum number of other characters in the new
-password. (default 1)
+password. (default 0)
 .RE
 .PP
 \fBminclass\fR
diff --git a/src/pwqprivate.h b/src/pwqprivate.h
index fa89baf..692fae6 100644
--- a/src/pwqprivate.h
+++ b/src/pwqprivate.h
@@ -1,8 +1,8 @@
 /*
  * libpwquality internal header
  *
- * Copyright (c) Red Hat, Inc, 2011
- * Copyright (c) Tomas Mraz <tm@t8m.info>, 2011
+ * Copyright (c) Red Hat, Inc, 2011,2015
+ * Copyright (c) Tomas Mraz <tm@t8m.info>, 2011, 2015
  *
  * See the end of the file for the License Information
  */
@@ -34,12 +34,12 @@ struct setting_mapping {
         int type;
 };
 
-#define PWQ_DEFAULT_DIFF_OK      5
-#define PWQ_DEFAULT_MIN_LENGTH   9
-#define PWQ_DEFAULT_DIG_CREDIT   1
-#define PWQ_DEFAULT_UP_CREDIT    1
-#define PWQ_DEFAULT_LOW_CREDIT   1
-#define PWQ_DEFAULT_OTH_CREDIT   1
+#define PWQ_DEFAULT_DIFF_OK      1
+#define PWQ_DEFAULT_MIN_LENGTH   8
+#define PWQ_DEFAULT_DIG_CREDIT   0
+#define PWQ_DEFAULT_UP_CREDIT    0
+#define PWQ_DEFAULT_LOW_CREDIT   0
+#define PWQ_DEFAULT_OTH_CREDIT   0
 
 #define PWQ_TYPE_INT             1
 #define PWQ_TYPE_STR             2
diff --git a/src/pwquality.conf b/src/pwquality.conf
index cec450f..75e8db8 100644
--- a/src/pwquality.conf
+++ b/src/pwquality.conf
@@ -3,31 +3,31 @@
 #
 # Number of characters in the new password that must not be present in the
 # old password.
-# difok = 5
+# difok = 1
 #
 # Minimum acceptable size for the new password (plus one if
 # credits are not disabled which is the default). (See pam_cracklib manual.)
 # Cannot be set to lower value than 6.
-# minlen = 9
+# minlen = 8
 #
 # The maximum credit for having digits in the new password. If less than 0
 # it is the minimum number of digits in the new password.
-# dcredit = 1
+# dcredit = 0
 #
 # The maximum credit for having uppercase characters in the new password.
 # If less than 0 it is the minimum number of uppercase characters in the new
 # password.
-# ucredit = 1
+# ucredit = 0
 #
 # The maximum credit for having lowercase characters in the new password.
 # If less than 0 it is the minimum number of lowercase characters in the new
 # password.
-# lcredit = 1
+# lcredit = 0
 #
 # The maximum credit for having other characters in the new password.
 # If less than 0 it is the minimum number of other characters in the new
 # password.
-# ocredit = 1
+# ocredit = 0
 #
 # The minimum number of required classes of characters for the new
 # password (digits, uppercase, lowercase, others).