Re: [Pam-developers] New option max_sequels for pam_cracklib
On Tue, Jun 19, 2012 at 11:53:53AM +0200, Tomas Mraz wrote:
Hello,
the attached patch provides a new option max_sequels for pam_cracklib
that checks for maximum length of a monotonic character sequence in the
new password such as 123456 or abcdef... The check is off by default.
If the feature and the patch is ok for you I'll add appropriate
documentation of it to pam_cracklib manpage and commit.
I don't think this is a very clear name at all for the option. maybe
"sequence" is better than "sequels"?
In cards this would be called a "straight"; I don't know if that's too
jargony to be used here, but it's a more precise description of this than
anything else I can think of at the moment.
@@ -622,6 +660,9 @@ static const char *password_check(pam_handle_t
*pamh, struct cracklib_options *o
if (!msg && consecutive(opt, new))
msg = _("contains too many same characters consecutively");
+ if (!msg && sequels(opt, new))
+ msg = _("contains too long monotonic character sequences");
+
if (!msg && (usercheck(opt, newmono, usermono) || gecoscheck(pamh, opt,
newmono, user)))
msg = _("contains the user name in some form");
--> "contains too long of a monotonic character sequence"
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek(a)ubuntu.com vorlon(a)debian.org
Attachments:
- signature.asc (application/pgp-signature — 836 bytes)