freeipa

Clone
Source Code
GIT

c4cca53 Extend password policy to evaluate passwords using libpwpolicy

Authored and Committed by rcritten 3 years ago
raw patch tree parent
3 files changed. 107 lines added. 5 lines removed.
daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
file modified
+11 -1
util/ipa_pwd.c
file modified
+84 -3
util/ipa_pwd.h
file modified
+12 -1 
    Extend password policy to evaluate passwords using libpwpolicy
    
    Enable checking:
    
    maxrepeat - reject passwrods which contain more than N consecutive
                characters.
    maxsequence - rejected passwords which contain character sequences
                  (abcde).
    dictcheck - check passwords using cracklib
    usercheck - check whether the password contains the user name.
    
    The class checking provided by libpwpolicy is not used because this
    overlaps with the existing IPA checking. This includes the options
    dcredit, ucredit, lcredit, ocredit, minclass and maxclassrepeat.
    
    The pwquality min length is fixed at 6 so if there is a conflict between
    the system policy and pwquality log that length is enforced at 6.
    
    https://pagure.io/freeipa/issue/6964
    https://pagure.io/freeipa/issue/5948
    https://pagure.io/freeipa/issue/2445
    https://pagure.io/freeipa/issue/298
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
file modified
+11 -1
file modified
+84 -3
file modified
+12 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.