From 4cbeb310782d30cb35486d2fca2bed124f40bab8 Mon Sep 17 00:00:00 2001
From: mboelen <michael@cisofy.com>
Date: Wed, 21 Oct 2015 22:58:52 +0200
Subject: Changes to improve password strength testing

---
 plugins/plugin_pam_phase1 | 44 +++++++++++++++++++-------------------------
 1 file changed, 19 insertions(+), 25 deletions(-)

(limited to 'plugins')

diff --git a/plugins/plugin_pam_phase1 b/plugins/plugin_pam_phase1
index 76388d94..4beea405 100644
--- a/plugins/plugin_pam_phase1
+++ b/plugins/plugin_pam_phase1
@@ -199,7 +199,7 @@
                                         if [ "${MIN_PASSWORD_CLASS}" = "" ]; then MIN_PASSWORD_CLASS=0; fi
                                         if [ "${MIN_PASSWORD_LENGTH}" = "" ]; then MIN_PASSWORD_LENGTH=6; fi
 
-                                        PAM_MODULE_PASSWORD_STRENGTH_TESTED=1
+                                        PAM_PASSWORD_STRENGTH_TESTED=1
                                         if [ ! "${PAM_MODULE_OPTIONS}" = "" ]; then
                                             Debug "Module options configured"
                                             for I in ${PAM_MODULE_OPTIONS}; do
@@ -214,39 +214,33 @@
                                                         DigitsOnly ${VALUE}
                                                         MIN_PASSWORD_LENGTH=${VALUE}
                                                     ;;
-                                                    # Digital characters
-                                                    dccredit)
-                                                        # Digits only
+                                                    retry)
+                                                        # Maximum  password retry
+                                                        logtext "Result: Max password Retry configured"
                                                         DigitsOnly ${VALUE}
-                                                        if [ ${VALUE} -gt 0 ]; then CREDITS_CONFIGURED=1; fi
+                                                        MAX_PASSWORD_RETRY=${VALUE}
                                                     ;;
-                                                    # Lowercase characters
-                                                    lccredit)
-                                                        # Digits only
-                                                        DigitsOnly ${VALUE}
-                                                        if [ ${VALUE} -gt 0 ]; then CREDITS_CONFIGURED=1; fi
+                                                    minclass)
+                                                        # Minimum number of class required out of upper, lower, digit and oters
+                                                        logtext "Result: Min number of password class is configured"
+                                                        MIN_PASSWORD_CLASS=${VALUE}
+                                                    ;;        
+                                                    dcredit)
+                                                        CREDITS_D_PASSWORD=${VALUE}
                                                     ;;
-                                                    # Other characters
-                                                    occredit)
-                                                        # Digits only
-                                                        DigitsOnly ${VALUE}
-
-                                                        if [ ${VALUE} -gt 0 ]; then CREDITS_CONFIGURED=1; fi
+                                                    lcredit)
+                                                        CREDITS_L_PASSWORD=${VALUE}
                                                     ;;
-                                                    # Uppercase characters
-                                                    uccredit)
-                                                        # Digits only
-                                                        DigitsOnly ${VALUE}
-                                                        if [ ${VALUE} -gt 0 ]; then CREDITS_CONFIGURED=1; fi
+                                                    ocredit)
+                                                        CREDITS_O_PASSWORD=${VALUE}
+                                                    ;;
+                                                    ucredit)
+                                                        CREDITS_U_PASSWORD=${VALUE}
                                                     ;;
                                                     *)
                                                         logtext "Result: unknown option found: ${OPTION} with value ${VALUE}"
                                                     ;;
                                                 esac
-                                                if [ ${CREDITS_CONFIGURED} -eq 1 ]; then
-                                                    logtext "Result: Credits are configured, password length minus 1"
-                                                    MIN_PASSWORD_LENGTH=`expr ${MIN_PASSWORD_LENGTH} - 1`
-                                                fi
                                             done
                                         fi
                                     ;;
-- 
cgit v1.2.3