Fix some sorting bugs in embedded CrackLib

[kerberos/krb5-strength.git] / README

diff --git a/README b/README
index 8d88ed46d3d63a3a54a9416adaafada9ef66def5..756ffcc195182adfca92f9b6164362e76307a80e 100644 (file)
--- a/README
+++ b/README
@@ -411,6 +411,16 @@ CONFIGURATION
   The following additional settings are supported in the [appdefaults]
   section of krb5.conf when running under either Heimdal or MIT Kerberos.
 
+  cracklib_maxlen
+
+      Normally, all passwords are checked with CrackLib if a CrackLib
+      dictionary is defined.  However, CrackLib's rules were designed for
+      a world in which most passwords were four to eight characters long,
+      and tends to spuriously reject a lot of passphrases.  If this option
+      is set to something other than its default of 0, passwords longer
+      than that length bypass CrackLib checks.  (Using a SQLite dictionary
+      for longer passwords is strongly recommended.)
+
   minimum_different
 
       If set to a numeric value, passwords with fewer than this number of
@@ -495,7 +505,7 @@ SUPPORT
 
   The krb5-strength web page at:
 
-      http://www.eyrie.org/~eagle/software/krb5-strength/
+      https://www.eyrie.org/~eagle/software/krb5-strength/
 
   will always have the current version of this package, the current
   documentation, and pointers to any additional resources.
@@ -514,7 +524,7 @@ SOURCE REPOSITORY
 
   or view the repository via the web at:
 
-      http://git.eyrie.org/?p=kerberos/krb5-strength.git
+      https://git.eyrie.org/?p=kerberos/krb5-strength.git
 
   When contributing modifications, either patches (possibly generated by
   git format-patch) or Git pull requests are welcome.