From nobody@FreeBSD.org  Tue Dec  3 23:08:42 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id 6C9C9CA0
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  3 Dec 2013 23:08:42 +0000 (UTC)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id 57FDD1A22
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  3 Dec 2013 23:08:42 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id rB3N8gZb007385
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 3 Dec 2013 23:08:42 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id rB3N8gBP007384;
	Tue, 3 Dec 2013 23:08:42 GMT
	(envelope-from nobody)
Message-Id: <201312032308.rB3N8gBP007384@oldred.freebsd.org>
Date: Tue, 3 Dec 2013 23:08:42 GMT
From: Ryan Gerstenkorn <ryan_gerstenkorn@fastmail.fm>
To: freebsd-gnats-submit@FreeBSD.org
Subject: passwd (1) man page incorrect info about login.conf
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         184482
>Category:       docs
>Synopsis:       passwd (1) man page incorrect info about login.conf
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    wblock
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 03 23:10:00 UTC 2013
>Closed-Date:    Fri Feb 14 15:47:05 UTC 2014
>Last-Modified:  Fri Feb 14 15:50:00 UTC 2014
>Originator:     Ryan Gerstenkorn
>Release:        9-STABLE
>Organization:
>Environment:
FreeBSD FreeBSD92 9.2-STABLE FreeBSD 9.2-STABLE #1: Fri Nov  1 20:37:16 PDT 2013     root@FreeBSD92:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
In the passwd (1) man page it says the following:
"The new password should be at least six characters long (which may be
     overridden using the login.conf(5) ``minpasswordlen'' setting for a
     user's login class) and not purely alphabetic."

"The new password should contain a mixture of upper and lower case charac-
     ters (which may be overridden using the login.conf(5) ``mixpasswordcase''
     setting for a user's login class).  Allowing lower case passwords may be
     useful where the password file will be used in situations where only
     lower case passwords are permissible, such as when using Samba to authen-
     ticate Windows clients.  In all other situations, numbers, upper case
     letters and meta characters are encouraged."

under Files:
"/etc/login.conf     login class capabilities database"

under See Also:
login(1), login.conf(5),


However it seems that login.conf is no longer used by passwd(1), and instead 
password length and complexity is handled by pam with the pam_passwdqc module.

From login.conf:
     "The minpasswordlen and minpasswordcase facilities for enforcing restric-
     tions on password quality, which used to be supported by login.conf, have
     been superseded by the pam_passwdqc(8) PAM module."
>How-To-Repeat:
man passwd;man login.conf
>Fix:
Sorry no patch, just replace paragraphs before with info about how to change the password complexity requirements with pam... or just refer to pam and pam_passwdqc(8)

>Release-Note:
>Audit-Trail:

From: Ryan Gerstenkorn <ryan_gerstenkorn@fastmail.fm>
To: bug-followup@FreeBSD.org,
 Ryan Gerstenkorn <ryan_gerstenkorn@fastmail.fm>
Cc:  
Subject: Re: docs/184482: passwd (1) man page incorrect info about login.conf
Date: Tue, 3 Dec 2013 15:15:32 -0800

 --Apple-Mail=_0C9FE278-E3BE-4E67-A8B5-E53962713B2A
 Content-Transfer-Encoding: 7bit
 Content-Type: text/plain;
 	charset=us-ascii
 
 Also there are no complexity requirements by default currently.
 
 --Apple-Mail=_0C9FE278-E3BE-4E67-A8B5-E53962713B2A
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 	filename=signature.asc
 Content-Type: application/pgp-signature;
 	name=signature.asc
 Content-Description: Message signed with OpenPGP using GPGMail
 
 -----BEGIN PGP SIGNATURE-----
 Comment: GPGTools - http://gpgtools.org
 
 iQEcBAEBCgAGBQJSnmYVAAoJEJUCCfchdXm9UE8IALHDiUC9PalcuTiXOr+v2qqu
 ufQfrBg2IMxrorMWxcu1hZ/4S9bo5LUQk5Td9KSED0aqVJnqX307LdwvtvhxmmRy
 RiXmvaLDVgTEDulQhjvI+ac3GF+KBuBH6dvuVKKZX86FDbaUNRC7u2OReuk4lVKR
 zrxoC1NubL/B6lLa4DDEf0TcBZuijYaqcKm38krAEjvKh1zY42oyQSvGCXJvkRnp
 ohlEgcFji2KEDwUYDrjsUCX14iKW+2Neli4LbJ4nMgegqwfLezxSNvUQ2ouxIDhD
 e3NwdtMoocoqTbDc7/74nwU2iYl7Gg11GSwTCk6eA1cVLpcwAdigvtDAIo0nIcw=
 =rtAd
 -----END PGP SIGNATURE-----
 
 --Apple-Mail=_0C9FE278-E3BE-4E67-A8B5-E53962713B2A--

From: Allan Jude <freebsd@allanjude.com>
To: bug-followup@FreeBSD.org, ryan_gerstenkorn@fastmail.fm
Cc:  
Subject: Re: docs/184482: passwd (1) man page incorrect info about login.conf
Date: Thu, 13 Feb 2014 17:32:47 -0500

 This is a multi-part message in MIME format.
 --------------000406000308090404010608
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 
 Short man page patch to remove the offending sections
 
 -- 
 Allan Jude
 
 --------------000406000308090404010608
 Content-Type: text/plain; charset=windows-1252;
  name="man.passwd.1.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
  filename="man.passwd.1.diff"
 
 Index: usr.bin/passwd/passwd.1
 ===================================================================
 --- usr.bin/passwd/passwd.1	(revision 261727)
 +++ usr.bin/passwd/passwd.1	(working copy)
 @@ -59,27 +59,10 @@
  .Nm
  utility prompts for the new password twice in order to detect typing errors.
  .Pp
 -The new password should be at least six characters long (which
 -may be overridden using the
 -.Xr login.conf 5
 -.Dq minpasswordlen
 -setting for a user's login class) and not purely alphabetic.
 -Its total length must be less than
 +The total length of the password must be less than
  .Dv _PASSWORD_LEN
  (currently 128 characters).
  .Pp
 -The new password should contain a mixture of upper and lower case
 -characters (which may be overridden using the
 -.Xr login.conf 5
 -.Dq mixpasswordcase
 -setting for a user's login class).
 -Allowing lower case passwords may
 -be useful where the password file will be used in situations where only
 -lower case passwords are permissible, such as when using Samba to
 -authenticate Windows clients.
 -In all other situations, numbers, upper
 -case letters and meta characters are encouraged.
 -.Pp
  Once the password has been verified,
  .Nm
  communicates the new password information to
 
 --------------000406000308090404010608--
Responsible-Changed-From-To: freebsd-doc->wblock 
Responsible-Changed-By: wblock 
Responsible-Changed-When: Fri Feb 14 14:27:19 UTC 2014 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=184482 
State-Changed-From-To: open->closed 
State-Changed-By: wblock 
State-Changed-When: Fri Feb 14 15:46:29 UTC 2014 
State-Changed-Why:  
Patch committed with minor additions.  Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=184482 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/184482: commit references a PR
Date: Fri, 14 Feb 2014 15:46:19 +0000 (UTC)

 Author: wblock (doc committer)
 Date: Fri Feb 14 15:46:06 2014
 New Revision: 261895
 URL: http://svnweb.freebsd.org/changeset/base/261895
 
 Log:
   Remove mention of minimum password length and upper/lower case checking,
   patch supplied by Allan Jude <freebsd@allanjude.com>.  Add xref to
   pam_passwdqc(8), where that testing is now done.
   
   PR:		docs/184482
   Submitted by:	Ryan Gerstenkorn <ryan_gerstenkorn@fastmail.fm>
   Reviewed by:	jilles, eadler
   MFC after:	3 days
 
 Modified:
   head/usr.bin/passwd/passwd.1
 
 Modified: head/usr.bin/passwd/passwd.1
 ==============================================================================
 --- head/usr.bin/passwd/passwd.1	Fri Feb 14 15:31:48 2014	(r261894)
 +++ head/usr.bin/passwd/passwd.1	Fri Feb 14 15:46:06 2014	(r261895)
 @@ -28,7 +28,7 @@
  .\"	@(#)passwd.1	8.1 (Berkeley) 6/6/93
  .\" $FreeBSD$
  .\"
 -.Dd June 6, 1993
 +.Dd February 14, 2014
  .Dt PASSWD 1
  .Os
  .Sh NAME
 @@ -59,27 +59,10 @@ The
  .Nm
  utility prompts for the new password twice in order to detect typing errors.
  .Pp
 -The new password should be at least six characters long (which
 -may be overridden using the
 -.Xr login.conf 5
 -.Dq minpasswordlen
 -setting for a user's login class) and not purely alphabetic.
 -Its total length must be less than
 +The total length of the password must be less than
  .Dv _PASSWORD_LEN
  (currently 128 characters).
  .Pp
 -The new password should contain a mixture of upper and lower case
 -characters (which may be overridden using the
 -.Xr login.conf 5
 -.Dq mixpasswordcase
 -setting for a user's login class).
 -Allowing lower case passwords may
 -be useful where the password file will be used in situations where only
 -lower case passwords are permissible, such as when using Samba to
 -authenticate Windows clients.
 -In all other situations, numbers, upper
 -case letters and meta characters are encouraged.
 -.Pp
  Once the password has been verified,
  .Nm
  communicates the new password information to
 @@ -230,6 +213,7 @@ login class capabilities database
  .Xr passwd 5 ,
  .Xr kerberos 8 ,
  .Xr kpasswdd 8 ,
 +.Xr pam_passwdqc 8 ,
  .Xr pw 8 ,
  .Xr pwd_mkdb 8 ,
  .Xr vipw 8
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
