Op 17-06-2007 om 21:21 schreef Masami Ichikawa: <snip/> > + # password shouldn't contain login account. > + ret=`echo $passwd | grep -ci $user` > + if test $ret = 1; then > + if test $passwd_len -ge $user_len; then > + return 0 > + fi > + fi
If I understand the above code snippet correct, then it does allow user='root' and password='root' and does depend on further checks. Please simply to source code into + ret=`echo $passwd | grep -ci $user` + if test $ret = 1; then + return 0 + fi It does better match + # password shouldn't contain login account. and it will prevent user='R00tme' with pasword='R00tme' <snip/> > --- debian/user-setup-udeb.templates (revision 47268) > +++ debian/user-setup-udeb.templates (working copy) > @@ -110,6 +117,12 @@ > You entered an empty password, which is not allowed. > Please choose a non-empty password. > > +Template: user-setup/chkpasswdstrength-bad > +Type: error > +_Description: Weak password > + choose another password that does contain numbers, upper and lower > + case characters. > + Nitpicking: Start 'choose' with a capital. Thanks for the patch Some one who should find out, if he could had apply the patch into versioning system. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
