On 10/13/10 02:46, Brad Tilley wrote:
> I was experimenting with a program to meet PCI DSS 1.2 password length
> and content/complexity requirements and integrating it with login.conf
> for users who have shell access to OpenBSD systems. It seems to work as
> expected, but I wanted to run my configuration by misc.
>
> I appended the following two lines to the end of both default and staff
> in login.conf. Look OK?
Staff gets it from default, so no point in adding it there too.
staff:\
/.../
:tc=default:
/Alexander
>
> :passwordcheck=/path/to/program:\
> :passwordtries=0:
>
> I understand that it would be easy (and redundant) to use minpasswordlen
> to meet the length requirement, but it's easy to check that in the
> program itself.
>
> Brad
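
A minimal checker of the kind the thread describes, as an added example that is not Brad's program or code from the original message. Per login.conf(5), the `passwordcheck` program receives the candidate password on stdin and accepts it by exiting 0, and with `passwordtries=0` a password that fails is never accepted. The seven-character minimum and the letter-plus-digit rule are assumed policy values.

```c
/* Added example: a checker for login.conf's passwordcheck capability.
 * Reads the candidate password from stdin; exit status 0 accepts it. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MIN_LEN 7   /* assumed policy value, not taken from the thread */

/* Returns 1 when pw meets the assumed policy: at least MIN_LEN
 * characters, with at least one letter and at least one digit. */
int password_ok(const char *pw)
{
    size_t len = 0;
    int has_alpha = 0, has_digit = 0;

    for (; pw[len] != '\0'; len++) {
        unsigned char c = (unsigned char)pw[len];
        if (isalpha(c))
            has_alpha = 1;
        else if (isdigit(c))
            has_digit = 1;
    }
    return len >= MIN_LEN && has_alpha && has_digit;
}

int main(void)
{
    char buf[1024];
    size_t n = fread(buf, 1, sizeof(buf) - 1, stdin);
    int ok;

    buf[n] = '\0';                     /* input may end in NUL, newline or EOF */
    buf[strcspn(buf, "\r\n")] = '\0';  /* drop a trailing line ending if present */
    ok = password_ok(buf);

    /* Wipe the copy before exiting; volatile keeps the loop from being elided. */
    for (volatile char *p = buf; p < buf + sizeof(buf); p++)
        *p = '\0';

    if (!ok)
        fprintf(stderr, "password must be at least %d characters "
            "and contain both letters and digits\n", MIN_LEN);
    return ok ? 0 : 1;
}
```

Because the password arrives on stdin rather than as an argument, it never appears in the process list.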