Description:
The password validation dictionary file contains several restrictions which make it difficult to use /usr/share/dict/words:
1. Limitation to files < 1MB in size.
2. Requirement to specify all dictionary words in lower case.
On Oracle Linux 6.3, the default dictionary is 4.8M, and contains mixed-case words.
Because the contents are cached, it seems it would be reasonable to accept mixed-case strings, transforming them to lower-case as they are read, and retaining the existing case-insensitive matching.
During cache loading, any words less than 4 characters in length (minimum matching criteria) can be ignored.
Users should be able to specify a larger dictionary as needed, although we might choose to warn when the cache is loaded and the contents exceed a certain threshold, potentially slowing execution of the PASSWORD() function.
How to repeat:
See above.
Suggested fix:
1. Relax size limitation to account for larger dictionaries, perhaps warning when threshold is exceeded.
2. Convert all strings to lower-case on loading the validation cache.
3. Ignore words in dictionary under 4 characters in length.
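The three suggested loading rules, sketched as an added example (not MySQL's code and not part of the original report): words are lower-cased as they are read, words under 4 characters are skipped, and an oversized cache produces a warning rather than a refusal. All function names are hypothetical, the 1MB threshold reuses the current limit from the report, and `matches` is a simplified whole-word check.

```python
import sys

MIN_WORD_LEN = 4            # minimum matching length stated in the report
WARN_BYTES = 1024 * 1024    # current 1MB limit, used here only as a warning threshold


def load_dictionary(lines, min_len=MIN_WORD_LEN):
    """Build the cache: lower-case each word, skip ones too short to match."""
    cache = set()
    for raw in lines:
        word = raw.strip().lower()
        if len(word) < min_len:
            continue        # also drops blank lines
        cache.add(word)     # set membership removes case-only duplicates
    return cache


def cache_size_bytes(cache):
    """Size of the cache if written as a newline-delimited UTF-8 file."""
    return sum(len(w.encode("utf-8")) + 1 for w in cache)


def load_with_warning(lines, warn_bytes=WARN_BYTES):
    """Load the whole file; warn (do not reject) when the cache is large."""
    cache = load_dictionary(lines)
    size = cache_size_bytes(cache)
    oversized = size > warn_bytes
    if oversized:
        print(f"warning: dictionary cache is {size} bytes, above {warn_bytes}",
              file=sys.stderr)
    return cache, oversized


def matches(candidate, cache):
    """Case-insensitive lookup (simplified whole-word check, an assumption)."""
    return candidate.lower() in cache


if __name__ == "__main__":
    # Usage: python load_dict.py /usr/share/dict/words
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        words, big = load_with_warning(fh)
    print(f"{len(words)} words cached, oversized={big}")
```
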