How do
[cc'd JKH: Assuming this passes review, can I put it in 4.0 and MFC? ]
passwd(1) normally enforces mixed case passwords -- or at least it forces
you to enter the lower case password several times before it will actually
let you use it.
This is a pain if you're using the Unix password file in a situation where
lower case passwords are useful. For example, Windows 9x lower cases
passwords before sending them on to Samba for authentication. You can
sort of work around this in Samba with the "password level" smb.conf
setting, but that's a bit of a hack.
It's also a pain if you have to tell your users, when changing their
passwords, that they have to enter the same password several times
before the change will be accepted. They ask complicated questions
like "Why should I?", and then they walk off without listening to the
answer. . .
So, attached is a tiny patch that teaches passwd(1) about a new login.conf
setting, "mixpasswordcase".
By default, everything is exactly as it was before. However, if you have
:mixpasswordcase@:
somewhere appropriate in your login.conf file, passwd(1) will allow lower
case passwords for those users without further complaint.
Thoughts?
N
--
If you want to imagine the future, imagine a tennis shoe stamping
on a penguin's face forever.
--- with apologies to George Orwell
Index: local_passwd.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/passwd/local_passwd.c,v
retrieving revision 1.23
diff -u -r1.23 local_passwd.c
--- local_passwd.c 1999/08/28 01:04:51 1.23
+++ local_passwd.c 2000/02/08 19:25:05
@@ -95,6 +95,7 @@
int nis;
{
int tries, min_length = 6;
+ int force_mix_case = 1;
char *p, *t;
#ifdef LOGIN_CAP
login_cap_t * lc;
@@ -114,7 +115,8 @@
#ifdef LOGIN_CAP
/*
- * Determine minimum password length and next password change date.
+ * Determine minimum password length, next password change date,
+ * and whether or not to force mixed case passwords.
* Note that even for NIS passwords, login_cap is still used.
*/
if ((lc = login_getpwclass(pw)) != NULL) {
@@ -128,6 +130,8 @@
if (period > (time_t)0) {
pw->pw_change = time(NULL) + period;
}
+ /* mixpasswordcase capability */
+ force_mix_case = login_getcapbool(lc, "mixpasswordcase", 1);
login_close(lc);
}
#endif
@@ -142,10 +146,13 @@
(void)printf("Please enter a password at least %d characters
in length.\n", min_length);
continue;
}
- for (t = p; *t && islower(*t); ++t);
- if (!*t && (uid != 0 || ++tries < 2)) {
- (void)printf("Please don't use an all-lower case
password.\nUnusual capitalization, control characters or digits are suggested.\n");
- continue;
+
+ if (force_mix_case) {
+ for (t = p; *t && islower(*t); ++t);
+ if (!*t && (uid != 0 || ++tries < 2)) {
+ (void)printf("Please don't use an all-lower case
+password.\nUnusual capitalization, control characters or digits are suggested.\n");
+ continue;
+ }
}
(void)strcpy(buf, p);
if (!strcmp(buf, getpass("Retype new password:")))
Index: passwd.1
===================================================================
RCS file: /home/ncvs/src/usr.bin/passwd/passwd.1,v
retrieving revision 1.16
diff -u -r1.16 passwd.1
--- passwd.1 1999/08/28 01:04:51 1.16
+++ passwd.1 2000/02/08 19:14:50
@@ -70,8 +70,17 @@
Its total length must be less than
.Dv _PASSWORD_LEN
(currently 128 characters).
-Numbers, upper case letters and meta characters
-are encouraged.
+.Pp
+The new password should contain a mixture of upper and lower case
+characters (which may be overridden using the
+.Xr login.conf 5
+.if t ``mixpasswordcase''
+.if n "mixpasswordcase"
+setting for a user's login class). Allowing lower case passwords may
+be useful where the password file will be used in situations where only
+lower case passwords are permissable, such as when using Samba to
+authenticate Windows clients. In all other situations, numbers, upper
+case letters and meta characters are encouraged.
.Pp
Once the password has been verified,
.Nm passwd
