Merge pull request #4 from dariaphoebe/main

[kerberos/krb5-strength.git] / tools / heimdal-strength.pod

diff --git a/tools/heimdal-strength.pod b/tools/heimdal-strength.pod
index 93ae31cbe8cca8de5eafec6e57a5d30587cf950e..eab8d0f8f99cdd7b8f7691f22211f7c5ebf681bf 100644 (file)
--- a/tools/heimdal-strength.pod
+++ b/tools/heimdal-strength.pod
@@ -1,6 +1,7 @@
 =for stopwords
 heimdal-strength Heimdal CrackLib krb5-strength Allbery CDB
 canonicalization krb5-strength-wordlist reproducibly
+SPDX-License-Identifier FSFAP
 
 =head1 NAME
 
@@ -54,6 +55,16 @@ The following F<krb5.conf> configuration options are supported:
 
 =over 4
 
+=item cracklib_maxlen
+
+Normally, all passwords are checked with CrackLib if a CrackLib dictionary
+is defined.  However, CrackLib's rules were designed for a world in which
+most passwords were four to eight characters long, and tends to spuriously
+reject a lot of passphrases.  If this option is set to something other
+than its default of 0, passwords longer than that length bypass CrackLib
+checks.  (Using a SQLite dictionary for longer passwords is strongly
+recommended.)
+
 =item minimum_different
 
 If set to a numeric value, passwords with fewer than this number of unique
@@ -193,7 +204,7 @@ Russ Allbery <eagle@eyrie.org>
 
 Copyright 2016 Russ Allbery <eagle@eyrie.org>
 
-Copyright 2010, 2013, 2014 The Board of Trustees of the Leland Stanford
+Copyright 2010, 2013-2014 The Board of Trustees of the Leland Stanford
 Junior University
 
 Copying and distribution of this file, with or without modification, are
@@ -201,4 +212,6 @@ permitted in any medium without royalty provided the copyright notice and
 this notice are preserved.  This file is offered as-is, without any
 warranty.
 
+SPDX-License-Identifier: FSFAP
+
 =cut