On Mon, Feb 23, 2004 at 12:25:27AM +0000, Bruce J.A. Nourish wrote:
> On Sun, Feb 22, 2004 at 11:08:21PM +0100, Vincent van Scherpenseel wrote:
> > Hello,
> > 
> > Is it possible to change the password demands set for passwd? In example: if a 
> > user enters a password shorter than x characters, it will be rejected. Or, if 
> > a user enters a password containing only letters, it will be rejected. I know 
> > there are some demands set by default, but they are not forced (users are 
> > adviced to choose a different password, but they don't *have* to). Also I 
> > would like to change the minimum password length. Is it possible to change 
> > this, and if yes, where?
> 
> The software you really want for this is cracklib, security/libcrack in
> pkgsrc. The problem with this is that you have to modify passwd to make
> the cracklib FacistCheck() call. This isn't particularly hard, but then 
> your local src tree is divergent from the NetBSD tree, with all the 
> maintainence agony that brings. For a large site with many lusers the
> benefits would be worthwhile, but it's probably too much hassle for
> everyone else.

How about having passwd run an external program that accepts the 
proposed new password on stdin?  A response could be ACCEPT or REJECT.

Use of this could be enabled by login.conf. 





No, I'm not volunteering. 
-- 
Kevin P. Neal                                http://www.pobox.com/~kpn/
"Not even the dumbest terrorist would choose an encryption program that
 allowed the U.S. government to hold the key." -- (Fortune magazine
    is smarter than the US government, Oct 29 2001, page 196.)