pwquality: password policy updates
pwquality.conf provides a way to configure the password quality
requirements. This file is used by libpwquality library and utilities
for checking and generating passwords.
This commit enforces below additional password quality requirements
- The minimum number of required classes of characters for the new
password (digits, uppercase, lowercase, others).
minclass=2
- Whether to check for the words from the cracklib dictionary.
The check is enabled if the value is not 0.
dictcheck=1
- Whether to check if it contains the user name in some form.
The check is enabled if the value is not 0.
usercheck=1
- The maximum length of monotonic character sequences in the new password.
Examples of such sequence are '12345' or 'fedcb'. Note that most such
passwords will not pass the simplicity check unless the sequence is only
a minor part of the password. The check is disabled if the value is 0.
(default 0)
maxsequence=1
Tested: p10 build verified.
Change-Id: I4cad5685646640f938cad4847ee930fd953994b7
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
diff --git a/meta-phosphor/recipes-extended/libpwquality/libpwquality/pwquality.conf b/meta-phosphor/recipes-extended/libpwquality/libpwquality/pwquality.conf
index 048c0fd..5a54dc7 100644
--- a/meta-phosphor/recipes-extended/libpwquality/libpwquality/pwquality.conf
+++ b/meta-phosphor/recipes-extended/libpwquality/libpwquality/pwquality.conf
@@ -5,3 +5,7 @@
ocredit=0
dcredit=0
ucredit=0
+minclass=2
+usercheck=1
+dictcheck=1
+maxsequence=3