From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Fri, 19 Dec 2025 11:10:58 +0000 (+0000)
Subject: passwd: Clarify password strength check comment
X-Git-Tag: 4.19.0~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d349e1ab7d61c884de5096e1ebd14d564a4a5fd9;p=thirdparty%2Fshadow.git

passwd: Clarify password strength check comment

- The total number of password change tries can be configured
- Except min length, password strength checks can be disabled
- Even the root user can have password strength checks...
- ... except in some cases (stdin, command line arguments)

In general, this code does not run for PAM, except root directory
is modified through command line arguments by root user.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---

diff --git a/src/passwd.c b/src/passwd.c
index 17cda7745..17c50787b 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -241,9 +241,9 @@ static int new_password (const struct passwd *pw)
 
 	/*
 	 * Get the new password. The user is prompted for the new password
-	 * and has five tries to get it right. The password will be tested
-	 * for strength, unless it is the root user. This provides an escape
-	 * for initial login passwords.
+	 * and has PASS_CHANGE_TRIES tries to get it right. The password will
+	 * be optionally tested for strength. The root user can circumvent
+	 * tests. This provides an escape for initial login passwords.
 	 */
 	method = getdef_str ("ENCRYPT_METHOD");
 	if (NULL == method) {