Date: Thu, 16 Sep 2021 14:57:36 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 258535] Not having a NUMBER in min position N3 of pam_passwdqc.so configuration causes in valid password size Message-ID: <bug-258535-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D258535 Bug ID: 258535 Summary: Not having a NUMBER in min position N3 of pam_passwdqc.so configuration causes in valid password size Product: Base System Version: 12.2-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Many People Priority: --- Component: conf Assignee: bugs@FreeBSD.org Reporter: jeff.lanzarotta@gmail.com When configuring PAM with the following line: ---- password requisite pam_passwdqc.so min=3Ddisabled,disabled,disabled,disable= d,8 max=3D40 similar=3Ddeny retry=3D3 random=3D0 ask_oldauthtok enforce=3Devery= one ---- and a change to a password is requested, the the following message is displayed: ---- You can now choose the new password. A valid password should be a mix of upper and lower case letters, digits and other characters. You can use a 2147483647 character long password with characters from at least 3 of these 4 classes, or an 8 character long password containing characters from all the classes. Characters that form a common pattern are discarded by the check. Enter new password: ---- In my opinion, having a 2147483647 character long password is a bit ridicul= ous. When pam_passwdqc.so encounters the word "disabled" it looks like it conve= rted to MAX_INT. Is there a better "default" character length that could be displayed? --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-258535-227>