Document that checking against the principal is always done

Even if there are no dictionaries configured, we still check whether
the password is based on the principal.

diff --git a/NEWS b/NEWS
index c00196b60bae040731f22da8a346885e6aa18e50..b171725e721f4bb50dd058a1642150552793d4c1 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -41,10 +41,10 @@ krb5-strength 2.0 (unreleased)
     letter (upper or lower case) or a space.
 
     The plugin can now be configured without a dictionary, in which case
-    only the simpler checks available through the new configuration
-    variables are done.  This mode is mostly useful for testing, since
-    such simple checking can more easily be done via less complex password
-    strength configurations.
+    only checks for a password based on the principal and the simpler
+    checks available through the new configuration variables are done.
+    This mode is mostly useful for testing, since such simple checking can
+    more easily be done via less complex password strength configurations.
 
     The plugin now sets the Kerberos error message in the context to pass
     error information, resulting in higher-quality error reporting in the

diff --git a/README b/README
index afa690875db4e6f596cf24a7575f5f29a8bb9fd9..0de775118fbd38d8f8f7432cde201015a30d088d 100644 (file)
--- a/README
+++ b/README
@@ -324,6 +324,7 @@ CONFIGURATION
       additional complexity.
 
   You can omit any dictionary setting and only use the above settings, in
-  which case only the above checks and no dictionary checks will be
-  performed.  (But for that simple style of password strength checking,
-  there are probably better strength checking plugins already available.)
+  which case only the above checks and checks for passwords based on the
+  principal will be done, bypassing any dictionary check.  (But for that
+  simple style of password strength checking, there are probably better
+  strength checking plugins already available.)