# password tests
# format of the GECOS field
GECOS:		"%s %s" f s
GECOS:		"%[^,],%[^,],%s" n o t
FORCEGECOS:	"%s,%s,%s" n o t
# what to log
LOGLEVEL:	all,!debug	> /etc/passwd.log
#
# tests
#
# general tests
#
%#p<6				password must be at least 6 chars long
%#b>0&%#v=0			if alphabetic chars, must be mixed case
#
# people and office (etc.) stuff
# all these are in lower case so we needn't worry about
# mixed cases 
#
"%*p"=~"^%*u$"			login name not allowed as password
"%*p"=~"^%-*u$"			reversed login name not allowed as password
"%*p"=~"^%*f$"			first name not allowed as password
"%*p"=~"^%-*f$"			reversed first name not allowed as password
"%*p"=~"^%*s$"			last name not allowed as password
"%*p"=~"^%-*s$"			reversed last name not allowed as password
"%*p"=~"^%o$"			office not allowed as password
"%*p"=~"^%-o$"			reversed office not allowed as password
"%*p"=~"^%t$"			phone number not allowed as password
"%*p"=~"^%-t$"			reversed phone number not allowed as password
"%*p"=~"^%1*f%1*m%1*s$"		initials not allowed as password
#
# host name stuff
#
"%*p"=~"^%h$"			host name not allowed as password
"%*p"=~"^%-h$"			reversed host name not allowed as password
"%*p"=~"^%d$"			domain name not allowed as password
"%*p"=~"^%-d$"			reversed domain name not allowed as password
"%*p"=~"^%h\.%d$"		domained host name not allowed as password
#
# dictionary words -- look for strange capitalizations too
#
[/usr/dict/words] == "%p"		password matches dictionary entry
{tr A-Z a-z < /usr/dict/words} == "%*p"	password is in dictionary
