There seems to be a conflicting guideline related to PIN content policy regards the PIN content policy that starts with
doc/policies/user.rst, we explain that:
test1234 would be a valid OTP PIN, but test12$$ and testABCS would not be valid OTP PINs. The later since it does not contain digits, the first ( test12$$ ) since it does contain a special character ($), which it should not.
combines the two required groups. I.e. the OTP PIN should contain characters from the sum of the two groups. test1234 , test12$$ , test and 1234 would all be valid OTP PINs.
However, currently in the code, PrivacyIDEA seems to interpret the
The policy to check a PIN can contain of “c”, “n” and “s”.
“cn” means, that the PIN should contain a character and a number.
“+cn” means, that the PIN should contain elements from the group of characters and numbers
“-ns” means, that the PIN must not contain numbers or special characters
And therefore, we are lacking of a way to force a PIN content to only have certain type of characters like proposing in the old users.rst doc. For example, use case where the user needs to be only allowed to set PIN that contains digits only.
I am not sure if I am missing something? And is it possible to add support for the use case similar to the old
Thank you in advance!