X-Git-Url: https://git.eyrie.org/?a=blobdiff_plain;f=plugin%2Fgeneral.c;h=aeb43b9e70c12430c8058f41d262a70e41a9ed02;hb=0f8d4b669710edea08fd5da37cd1af443d6384d8;hp=c491ea01b9522742e2fd2afc0ff4f5cb587a4ccd;hpb=2d17a4a8055f2067c85da8e3eee89cfe7183a573;p=kerberos%2Fkrb5-strength.git

diff --git a/plugin/general.c b/plugin/general.c
index c491ea0..aeb43b9 100644
--- a/plugin/general.c
+++ b/plugin/general.c
@@ -55,6 +55,9 @@ strength_init(krb5_context ctx, const char *dictionary,
     strength_config_boolean(ctx, "require_ascii_printable", &data->ascii);
     strength_config_boolean(ctx, "require_non_letter", &data->nonletter);
 
+    /* Get trapdoor length from krb5.conf. */
+    strength_config_number(ctx, "cracklib_maxlen", &data->cracklib_maxlen);
+
     /* Get complex character class restrictions from krb5.conf. */
     code = strength_config_classes(ctx, "require_classes", &data->rules);
     if (code != 0)
@@ -199,10 +202,15 @@ strength_check(krb5_context ctx UNUSED, krb5_pwqual_moddata data,
     if (code != 0)
         return code;
 
-    /* Check the password against CDB, CrackLib, and SQLite if configured. */
-    code = strength_check_cracklib(ctx, data, password);
-    if (code != 0)
+    if (data->cracklib_maxlen == 0 ||
+	((long) strlen(password) <= data->cracklib_maxlen)) {
+
+      /* Check the password against CDB, CrackLib, and SQLite if configured. */
+      code = strength_check_cracklib(ctx, data, password);
+      if (code != 0)
         return code;
+    }
+
     code = strength_check_cdb(ctx, data, password);
     if (code != 0)
         return code;