I was experimenting with a program to meet PCI DSS 1.2 password length
and content/complexity requirements and integrating it with login.conf
for users who have shell access to OpenBSD systems. It seems to work as
expected, but I wanted to run my configuration by misc.

I appended the following two lines to the end of both default and staff
in login.conf. Look OK?

:passwordcheck=/path/to/program:\
:passwordtries=0:

I understand that it would be easy (and redundant) to use minpasswordlen
to meet the length requirement, but it's easy to check that in the
program itself.

Brad
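A sketch of the kind of checker that `passwordcheck` can point at, added here as an example and not the program from the original post: per login.conf(5) the candidate password is passed on stdin and exit status 0 accepts it, and with `passwordtries=0` only a passing password is accepted. The 7-character minimum, the letters-plus-digits rule and the name `check_password` are assumptions for illustration.

```c
/* Added example: quality checker for the login.conf "passwordcheck" hook.
 * Candidate password arrives on stdin; exit 0 accepts, 1 rejects.
 * MIN_LEN and the letter+digit rule are assumed policy values. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MIN_LEN 7	/* assumed minimum length */

/* Return 0 if pw satisfies the policy, 1 otherwise. */
int
check_password(const char *pw)
{
	size_t len;
	int has_alpha = 0, has_digit = 0;

	for (len = 0; pw[len] != '\0'; len++) {
		unsigned char c = (unsigned char)pw[len];

		if (isalpha(c))
			has_alpha = 1;
		else if (isdigit(c))
			has_digit = 1;
	}
	return (len >= MIN_LEN && has_alpha && has_digit) ? 0 : 1;
}

int
main(void)
{
	char buf[1024];
	volatile char *p = buf;
	size_t i;
	int rc;

	if (fgets(buf, sizeof(buf), stdin) == NULL)
		return 1;			/* no input: fail closed */
	buf[strcspn(buf, "\r\n")] = '\0';	/* drop a trailing newline, if any */
	rc = check_password(buf);
	if (rc != 0)
		fprintf(stderr, "Password needs %d+ characters with letters and digits.\n", MIN_LEN);
	for (i = 0; i < sizeof(buf); i++)	/* wipe the copy; OpenBSD has explicit_bzero(3) */
		p[i] = '\0';
	return rc;
}
```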
