Hi Nathan, Richard,
I was thinking along the lines of pam_passwdqc, well part of it.
The password should contain at least 3 different character categories.
The categories being: lowercase, uppercase, special characters and numbers
Not specifically a minumum number of uppercase/lowercase/...
Off course there should be no user data in the password, it should not
even contain the username as a substring. But I think that code is
already in CVS. It's checking for cn, givenname, surname, ... attributes
A dictionarry check would be nice but I would maybe make this optional.
I guess that if we make the rules too stringent the enduser may complain
Greetings,
Jo