On Tue, 2012-06-19 at 08:05 -0700, Steve Langasek wrote:
On Tue, Jun 19, 2012 at 11:53:53AM +0200, Tomas Mraz wrote:
> Hello,
> the attached patch provides a new option max_sequels for pam_cracklib
> that checks for maximum length of a monotonic character sequence in the
> new password such as 123456 or abcdef... The check is off by default.
Note that the option is maxsequence in the attached patch now.
> If the feature and the patch is ok for you I'll add
appropriate
> documentation of it to pam_cracklib manpage and commit.
I don't think this is a very clear name at all for the option. maybe
"sequence" is better than "sequels"?
In cards this would be called a "straight"; I don't know if that's too
jargony to be used here, but it's a more precise description of this than
anything else I can think of at the moment.
I am afraid that the 'straight'
would be too misleading if the card
jargon does not come to mind of the sysadmin. So I renamed the option
and variables in the code to 'sequence'.
> + if (!msg && sequels(opt, new))
> + msg = _("contains too long monotonic character sequences");
> +
> if (!msg && (usercheck(opt, newmono, usermono) || gecoscheck(pamh, opt,
newmono, user)))
> msg = _("contains the user name in some form");
>
--> "contains too long of a monotonic character sequence"
OK, fixed.
Please look at the final patch which also adds the man page changes.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb