Greetings!

On the /etc/security, we have the following test:

if checkyesno check_passwd; then
	...
	if ($1 !~ /^[A-Za-z0-9]([-A-Za-z0-9]*[A-Za-z0-9])*$/)
		printf "Login %s has non-alphanumeric characters.\n", $1;
	...
fi

But the passwd(5) man page says:

	``The login name must never begin with a hyphen (``-''); also,
	it is strongly suggested that neither upper-case characters nor
	dots (``.'') be part of the name, as this tends to confuse
	mailers...''

Thus seems that [A-Z] testing in /etc/security violates the
recommendation, and some other allowed characters (such as "_") are not
included into expression.

Another issue is the regex itself. It allows the dash (``-'') characters
followed one each other, i.e.:

	a-----b
	abc---d---efg

Is it a normal behaviour? Although it is not restricted by passwd(5),
but looks strange.

Therefore, possible correct regex should be as follows:

	/^[a-z0-9]([-_]?[a-z0-9])*$/

It fixes the problems described above.

And yet another question - logins names, which uses the numbers only
(for example, "0", "12345678"). It can be accepted by many systems
without any problems, but looks strange enough like as "dashed" ones.

Any comments please?

--
Mishka.