--- loncom/interface/lonpreferences.pm	2019/04/24 21:12:44	1.230
+++ loncom/interface/lonpreferences.pm	2019/04/24 21:15:48	1.231
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Preferences
 #
-# $Id: lonpreferences.pm,v 1.230 2019/04/24 21:12:44 raeburn Exp $
+# $Id: lonpreferences.pm,v 1.231 2019/04/24 21:15:48 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1310,7 +1310,7 @@ sub passwordchanger {
                 );
                 return;
             }
-         } else {
+        } else {
             $r->print(
                 '<p class="LC_warning">'
                .&mt('Sorry, the URL generated when you requested reset of'
@@ -1619,7 +1619,7 @@ ENDERROR
                          &mt('Please try again.').'</span>',$caller,$mailtoken);
             return 1;
         }
-    } 
+    }
     if ($newpass1 ne $newpass2) {
 	&passwordchanger($r,
 			 '<span class="LC_warning">'.
@@ -1627,12 +1627,84 @@ ENDERROR
 			 &mt('Please try again.').'</span>',$caller,$mailtoken);
 	return 1;
     }
-    if (length($newpass1) < 7) {
-	&passwordchanger($r,
-			 '<span class="LC_warning">'.
-			 &mt('Passwords must be a minimum of 7 characters long.').'  '.
-			 &mt('Please try again.').'</span>',$caller,$mailtoken);
-	return 1;
+    if ($currentauth eq 'unix:') {
+        if (length($newpass1) < 7) {
+            &passwordchanger($r,
+                             '<span class="LC_warning">'.
+                             &mt('Passwords must be a minimum of 7 characters long.').'  '.
+                             &mt('Please try again.').'</span>',$caller,$mailtoken);
+            return 1;
+        }
+    } else {
+        my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
+        my ($min,$max,@chars,@brokerule);
+        if (ref($passwdconf{'chars'}) eq 'ARRAY') {
+            if ($passwdconf{'min'} =~ /^\d+$/) {
+                $min = $passwdconf{'min'};
+            }
+            if ($passwdconf{'max'} =~ /^\d+$/) {
+                $max = $passwdconf{'max'};
+            }
+            @chars = @{$passwdconf{'chars'}};
+        } else {
+            $min = 7;
+        }
+        if (($min) && (length($newpass1) < $min)) {
+            push(@brokerule,'min');
+        }
+        if (($max) && (length($newpass1) > $max)) {
+            push(@brokerule,'max');
+        }
+        if (@chars) {
+            my %rules;
+            map { $rules{$_} = 1; } @chars;
+            if ($rules{'uc'}) {
+                unless ($newpass1 =~ /[A-Z]/) {
+                    push(@brokerule,'uc');
+                }
+            }
+            if ($rules{'lc'}) {
+                unless ($newpass1 =~ /a-z/) {
+                    push(@brokerule,'lc');
+                }
+            }
+            if ($rules{'num'}) {
+                unless ($newpass1 =~ /\d/) {
+                    push(@brokerule,'num');
+                }
+            }
+            if ($rules{'spec'}) {
+                unless ($newpass1 =~ /[!"#$%&'()*+,\-.\/:;<=>?@[\\\]^_`{|}~]/) {
+                    push(@brokerule,'spec');
+                }
+            }
+        }
+        if (@brokerule) {
+            my %rulenames = &Apache::lonlocal::texthash(
+                uc   => 'At least one upper case letter',
+                lc   => 'At least one lower case letter',
+                num  => 'At least one number',
+                spec => 'At least one non-alphanumeric',
+            );
+            $rulenames{'uc'} .= ': ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+            $rulenames{'lc'} .= ': abcdefghijklmnopqrstuvwxyz';
+            $rulenames{'num'} .= ': 0123456789';
+            $rulenames{'spec'} .= ': !&quot;\#$%&amp;\'()*+,-./:;&lt;=&gt;?@[\]^_\`{|}~';
+            $rulenames{'min'} = &mt('Minimum password length: [_1]',$min);
+            $rulenames{'max'} = &mt('Maximum password length: [_1]',$max);
+            my $warning = &mt('Password did not satisfy the following:').'<ul>';
+            foreach my $rule ('min','max','uc','ls','num','spec') {
+                if (grep(/^$rule$/,@brokerule)) {
+                    $warning .= '<li>'.$rulenames{$rule}.'</li>';
+                }
+            }
+            $warning .= '</ul>';
+            &passwordchanger($r,'<span class="LC_warning">'.
+                            $warning.
+                            &mt('Please try again.').'</span>',
+                            $caller,$mailtoken);
+            return 1;
+        }
     }
     #
     # Check for bad characters