Subject: re: security/10206 - proposed solution (concept)
To: None <elad@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Elad Efrat <elad@NetBSD.org>
List: netbsd-bugs
Date: 08/16/2005 22:15:03
The following reply was made to PR bin/10206; it has been noted by GNATS.
From: Elad Efrat <elad@NetBSD.org>
To: tech-security@netbsd.org
Cc: gnats-bugs@netbsd.org
Subject: re: security/10206 - proposed solution (concept)
Date: Wed, 17 Aug 2005 01:05:22 +0300
Hi,

I've written concept code, still work in progress, that allows an
admin to set a password policy in /etc/passwd.conf.

The current version has the following options when setting a policy:
minlen, maxlen, upper, lower, digits, punct.

minlen/maxlen - define the min. and max. length of the password. Zero
means no limit.

upper/lower/digits/punct - define what character sets are required to
be in the password. The first word should be ``yes'' or ``no''; an
optional argument can be in the form of ``N,M'', requiring at least
N characters of that class, but not more than M characters. Zero means
no limit here too.

An example entry in /etc/passwd.conf for at least 8 character passwords
combining both upper/lower case and digits can be:

    policy:
        minlen = 8
        upper = yes
        lower = yes
        digits = yes

The code is available from
ftp://ftp.netbsd.org/pub/NetBSD/misc/elad/policy.c. It can very easily
be extended to support more policies. (for example, dictionary lists, if
people still care :)

Comments?

-e.

--
Elad Efrat
PGP Key ID: 0x666EB914
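
The option semantics described in the message, as an added example that is not part of the original post and is not the code in policy.c. The type and function names are hypothetical, and two readings are assumptions: ``no'' means the class is not required, and a required class needs at least one character even when N is 0.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types for this sketch; none of these names come from policy.c. */
struct cls_rule { int required; size_t min, max; };          /* 0 = no limit */
struct policy { size_t minlen, maxlen; struct cls_rule upper, lower, digits, punct; };

/* Parse "yes", "no" or "yes N,M". Returns 0 on success, -1 on bad syntax. */
int parse_rule(const char *val, struct cls_rule *r)
{
    int end = 0;
    memset(r, 0, sizeof(*r));
    if (strcmp(val, "no") == 0) return 0;      /* assumption: class not required */
    r->required = 1;
    if (strcmp(val, "yes") == 0) return 0;
    if (sscanf(val, "yes %zu,%zu%n", &r->min, &r->max, &end) != 2 || val[end] != '\0')
        return -1;                             /* garbage or trailing characters */
    return (r->max != 0 && r->min > r->max) ? -1 : 0;   /* reject N > M */
}

/* Assumption: a required class needs at least one character even when N is 0. */
static int class_ok(const struct cls_rule *r, size_t n)
{
    if (!r->required) return 1;
    return n >= (r->min ? r->min : 1) && (r->max == 0 || n <= r->max);
}

/* Returns 1 if pw satisfies the policy, 0 otherwise. */
int policy_check(const struct policy *p, const char *pw)
{
    size_t len = strlen(pw), up = 0, lo = 0, di = 0, pu = 0;
    for (const unsigned char *c = (const unsigned char *)pw; *c; c++) {
        up += isupper(*c) != 0; lo += islower(*c) != 0;
        di += isdigit(*c) != 0; pu += ispunct(*c) != 0;
    }
    if ((p->minlen && len < p->minlen) || (p->maxlen && len > p->maxlen)) return 0;
    return class_ok(&p->upper, up) && class_ok(&p->lower, lo) &&
           class_ok(&p->digits, di) && class_ok(&p->punct, pu);
}

int main(void)
{
    struct policy p = { .minlen = 8 };         /* the example entry from the message */
    parse_rule("yes", &p.upper); parse_rule("yes", &p.lower); parse_rule("yes", &p.digits);
    const char *samples[] = { "Passw0rdX", "password1", "Ab1" };   /* constructed inputs */
    for (size_t i = 0; i < 3; i++)
        printf("%-10s %s\n", samples[i], policy_check(&p, samples[i]) ? "ok" : "rejected");
    return 0;
}
```

Rejecting malformed values and N > M at parse time keeps a typo in the configuration from silently weakening or disabling the policy.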