Subject: Re: security/10206 - proposed solution (concept)
To: None <>
From: Alan Barrett <>
List: tech-security
Date: 08/17/2005 00:26:07
On Wed, 17 Aug 2005, Elad Efrat wrote:
> An example entry in /etc/passwd.conf for at least 8 character passwords
> combining both upper/lower case and digits can be:
> policy:
>   minlen = 8
>   upper = yes
>   lower = yes
>   digits = yes

If I understand correctly, "upper = yes" really means "uppercase
characters are required", and "upper = no" really means "uppercase
characters are optional (not required)".  Or do I misunderstand, and
"upper = no" really means "uppercase characters are prohibited"?

I'd prefer to see keywords like "required", "optional" and "prohibited",
rather than "yes" and "no".

--apb (Alan Barrett)