head	1.1;
access;
symbols;
locks; strict;
comment	@# @;


1.1
date	96.05.21.04.55.00;	author morgan;	state Exp;
branches;
next	;


desc
@@


1.1
log
@Initial revision
@
text
@# password tests
# format of the GECOS field

# These formats are suitable for the normal Linux system.
GECOS:		"%[^,],%[^,],%[^,],%[^,],%s" n o t x
GECOS:		"%[^,]" n

# what to log
LOGLEVEL:	all,!debug	> /etc/passwd.log

# Number of significant characters in the password for the tests
SIGCHARS:	8

#
# general tests
#
%#p<6				password must be at least 6 chars long
%#b=%#p&&%-v=0			if alphabetic chars, must be mixed case
"%*p"=~"^%*q$"			password must be different from last one
"%*p"=~"^[0-9]*%*q$"		adding numbers to the front is not allowed
"%*p"=~"^%*q[0-9]*$"		adding numbers to the end is not allowed

#
# people and office (etc.) stuff
# all these are in lower case so we needn't worry about
# mixed cases 
#
"%*p"=~"^%*n$"			your name not allowed as password
"%*p"=~"^%-*n$"			reversed name not allowed as password
"%*p"=~"^%*u$"			login name not allowed as password
"%*p"=~"^%-*u$"			reversed login name not allowed as password
"%*p"=~"^%*f$"			first name not allowed as password
"%*p"=~"^%-*f$"			reversed first name not allowed as password
"%*p"=~"^%*s$"			last name not allowed as password
"%*p"=~"^%-*s$"			reversed last name not allowed as password
"%*p"=~"^%o$"			office not allowed as password
"%*p"=~"^%-o$"			reversed office not allowed as password
"%*p"=~"^%t$"			phone number not allowed as password
"%*p"=~"^%-t$"			reversed phone number not allowed as password
"%*p"=~"^%x$"			phone number not allowed as password
"%*p"=~"^%-x$"			reversed phone number not allowed as password
"%*p"=~"^%i$"			initials not allowed as password
"%*p"=~"^%-i$"			reversed initials not allowed as password

#
# host name stuff
#
"%*p"=~"^%h$"			host name not allowed as password
"%*p"=~"^%-h$"			reversed host name not allowed as password
"%*p"=~"^%d$"			domain name not allowed as password
"%*p"=~"^%-d$"			reversed domain name not allowed as password
"%*p"=~"^%h\.%d$"		domained host name not allowed as password

#
# dictionary words -- look for strange capitalizations too
#
#[/usr/dict/words] == "%p"		password matches dictionary entry
#{tr A-Z a-z < /usr/dict/words} == "%*p"	password is in dictionary

# This rule is for the 'ispell' program which is common for Linux. It uses
# the small 'helper' script in this directory.
#{/usr/lib/passwd+/ispell.test '%*p'}=~"failed"	password is in dictionary
@
