1# Example of ppm configuration
2
3# This configuration must be stored in the pwdCheckModuleArg attribute
4# of a password policy entry.
5# See slapo-ppolicy for more details.
6# Here is an example of such password policy:
7#   dn: cn=default,ou=policies,dc=my-domain,dc=com
8#   objectClass: pwdPolicy
9#   objectClass: top
10#   objectClass: pwdPolicyChecker
11#   objectClass: person
12#   pwdCheckQuality: 2
13#   pwdAttribute: userPassword
14#   sn: default
15#   cn: default
16#   pwdMinLength: 6
17#   pwdCheckModule: /usr/local/lib/ppm.so
18#   pwdCheckModuleArg:: bWluUXVhbGl0eSAzCmNoZWNrUkROIDAKZm9yYmlkZGVuQ2hhcnMKbWF4Q29uc2VjdXRpdmVQZXJDbGFzcyAwCnVzZUNyYWNrbGliIDAKY3JhY2tsaWJEaWN0IC92YXIvY2FjaGUvY3JhY2tsaWIvY3JhY2tsaWJfZGljdApjbGFzcy11cHBlckNhc2UgQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVogMCAxCmNsYXNzLWxvd2VyQ2FzZSBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAwIDEKY2xhc3MtZGlnaXQgMDEyMzQ1Njc4OSAwIDEKY2xhc3Mtc3BlY2lhbCA8Piw/Oy46LyHCp8O5JSrCtV7CqCTCo8KyJsOpfiIjJ3soWy18w6hgX1zDp17DoEApXcKwPX0rIDAgMQ==
19#
20# Different parameters are separated by a linefeed (\n)
21# Parameters starting with a # are ignored
22# Use a base64 tool to encode / decode the content of pwdCheckModuleArg (the double colon in the LDIF above marks a base64-encoded value)
23
24
25
26# Parameters
27
28# minQuality parameter
29# Format:
30# minQuality [NUMBER]
31# Description:
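32# One point is granted for each class whose MIN_FOR_POINT criterion is fulfilled.
33# minQuality defines the minimum number of points required for the password to be accepted; with the four classes below each worth one point, minQuality 3 requires characters from at least three of them.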
34minQuality 3
35
36# checkRDN parameter
37# Format:
38# checkRDN [0 | 1]
39# Description:
40# If set to 1, password must not contain a token from the RDN.
41# Tokens are separated by these delimiters: space, tab, and the characters _ - , ; £
42checkRDN 0
43
44# forbiddenChars parameter
45# Format:
46# forbiddenChars [CHARACTERS_FORBIDDEN]
47# Description:
48# Defines the forbidden characters list (no separator).
49# If one of them is found in the password, then it is rejected.
50forbiddenChars
51
52# maxConsecutivePerClass parameter
53# Format:
54# maxConsecutivePerClass [NUMBER]
55# Description:
56# Defines the maximum number of consecutive characters allowed for any class
57maxConsecutivePerClass 0
58
59# useCracklib parameter
60# Format:
61# useCracklib [0 | 1]
62# Description:
63# If set to 1, the password must pass the cracklib check
64useCracklib 0
65
66# cracklibDict parameter
67# Format:
68# cracklibDict [path_to_cracklib_dictionary]
69# Description:
70# Directory plus filename prefix that your version of CrackLib uses to locate its dictionary files.
71# For example, /var/pw_dict resolves as /var/pw_dict.pwd,
72# /var/pw_dict.pwi and /var/pw_dict.hwm dictionary files
73cracklibDict /var/cache/cracklib/cracklib_dict
74
75# classes parameter
76# Format:
77# class-[CLASS_NAME] [CHARACTERS_DEFINING_CLASS] [MIN] [MIN_FOR_POINT]
78# Description:
79# [CHARACTERS_DEFINING_CLASS]: characters defining the class (no separator)
80# [MIN]: if fewer than [MIN] characters of this class are found in the password, it is rejected
81# [MIN_FOR_POINT]: one point is granted if the password contains at least [MIN_FOR_POINT] characters of this class
82class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 1
83class-lowerCase abcdefghijklmnopqrstuvwxyz 0 1
84class-digit 0123456789 0 1
85class-special <>,?;.:/!§ù%*µ^¨$£²&é~"#'{([-|è`_\ç^à@)]°=}+ 0 1
86