strength_config_boolean(ctx, "require_ascii_printable", &data->ascii);
strength_config_boolean(ctx, "require_non_letter", &data->nonletter);
+ /* Get trapdoor length from krb5.conf. */
+ strength_config_number(ctx, "cracklib_maxlen", &data->cracklib_maxlen);
+
/* Get complex character class restrictions from krb5.conf. */
code = strength_config_classes(ctx, "require_classes", &data->rules);
if (code != 0)
if (code != 0)
return code;
- /* Check the password against CDB, CrackLib, and SQLite if configured. */
- code = strength_check_cracklib(ctx, data, password);
- if (code != 0)
+ if (data->cracklib_maxlen == 0 ||
+ ((long) strlen(password) <= data->cracklib_maxlen)) {
+
+ /* Check the password against CDB, CrackLib, and SQLite if configured. */
+ code = strength_check_cracklib(ctx, data, password);
+ if (code != 0)
return code;
+ }
+
code = strength_check_cdb(ctx, data, password);
if (code != 0)
return code;
sqlite3_stmt *prefix_query; /* Query using the password prefix */
sqlite3_stmt *suffix_query; /* Query using the reversed password suffix */
#endif
+ long cracklib_maxlen; /* Longer passwords skip cracklib */
};
BEGIN_DECLS