Bug 264851 - Chapter 14.2.4 - Difficult to understand or typo
Summary: Chapter 14.2.4 - Difficult to understand or typo
Status: New
Alias: None
Product: Documentation
Classification: Unclassified
Component: Books & Articles (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-doc (Nobody)
URL:
Keywords:
Depends on:
Blocks: 263315
  Show dependency treegraph
 
Reported: 2022-06-23 15:53 UTC by kodcode
Modified: 2022-06-25 20:29 UTC (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description kodcode 2022-06-23 15:53:30 UTC
Hi. Can I have a sanity test on the FreeBSD Handbook? Chapter 14.2.4

"In this example, the first three types of passwords are disabled, meaning that passwords that meet those complexity requirements will not be accepted, regardless of their length."

- does not make sense to me... "that meet" or "that do not meet"?
Comment 1 Marek Zarychta 2022-06-23 18:34:47 UTC
Regardless of the length, passwords from these classes will not be accesteted.
This is relatively clear, but the chapter doesn't cover the scenario when the password is expired and the user logs in to change it. Please compare:
https://reviews.freebsd.org/D27656
Comment 2 kodcode 2022-06-23 20:11:51 UTC
Meeting a requirement has a positive meaning,
as if "fulfilling a requirement".

This sentence sounds positive and negative. (Meet a requirement -> not get accepted). Confusing.

I am not a native English speaker, but I asked on freebsd.libera.org,
and a native English speaker could also not make sense of this sentence.
Comment 3 Graham Perrin 2022-06-25 12:31:47 UTC
(In reply to kodcode from comment #0)

> 14.2.4

<https://docs.freebsd.org/en/books/handbook/book/#security-pwpolicy> | <https://docs.freebsd.org/en/books/handbook/security/#security-pwpolicy>

----

> … using built-in Pluggable Authentication Modules (PAM). …

Instead: 

> … using pluggable authentication modules (PAMs). …

----

> … the pam_passwdqc.so module. This module is enforced when a user 
> changes their password. …

Instead: 

> … the pam_passwdqc.so module, which is enforced when a user 
> changes their password. 
> 
> pam_passwdqc(8) describes five classes of character, and other aspects of 
> password quality control. …

----

> This example sets several requirements for new passwords. The min setting 
> controls the minimum password length. It has five values because this 
> module defines five different types of passwords based on their 
> complexity. Complexity is defined by the type of characters that must 
> exist in a password, such as letters, numbers, symbols, and case. The 
> types of passwords are described in pam_passwdqc(8). In this example, 
> the first three types of passwords are disabled, meaning that passwords 
> that meet those complexity requirements will not be accepted, regardless 
> of their length. The 12 sets a minimum password policy of at least 
> twelve characters, if the password also contains characters with 
> three types of complexity. The 10 sets the password policy to also allow 
> passwords of at least ten characters, if the password contains characters 
> with four types of complexity.

Too verbose, IMHO. Instead: 

> In the example above: 
> 
> * min sets values for types N0, N1, N2, N3 and N4
> 
> * types N0, N1 and N2 are disallowed
> 
> * if three classes of character (N3) are used, then the word length must 
>   be at least 12
> 
> * if four classes (N4) are used, then the word length must be at least 10. 

– something like that. 

The reader is directed, _before_ the example, to see the manual page that describes the N types.
Comment 4 PauAmma freebsd_triage 2022-06-25 18:06:13 UTC
Thanks. Would "is in one of these complexity classes" or "belongs to one of these complexity classes" work better?
Comment 5 kodcode 2022-06-25 20:29:18 UTC
(In reply to PauAmma from comment #4)

Yes. Definitely! (Personally, I prefer "belongs...")

(Graham's edit is very clear, too)