diff --git a/lam/HISTORY b/lam/HISTORY
index de8adc19..dbc8a913 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -1,3 +1,7 @@
+June 2018
+ - Passwords can be checked against external service (e.g. https://api.pwnedpasswords.com/range)
+
+
19.03.2018 6.3
- Server profile: added option if referential integrity overlay is active to skip cleanup actions
- Unix: several options are now specific to subaccount types (reconfiguration required!)
diff --git a/lam/docs/manual-sources/chapter-configuration.xml b/lam/docs/manual-sources/chapter-configuration.xml
index 3b539b36..c1b5fe17 100644
--- a/lam/docs/manual-sources/chapter-configuration.xml
+++ b/lam/docs/manual-sources/chapter-configuration.xml
@@ -151,6 +151,43 @@
You can set the minimum password length and also the complexity of
the passwords.
+
+ External password check
+
+ Please note that this option is only displayed if you have
+ installed the PHP Curl extension for your web server.
+
+ This will validate passwords using an external service. LAM
+ supports the protocol used by Have
+ I been Pwned. You can use the service directly or setup any
+ custom service with the same API. If the service reports an error LAM
+ will log an error message and the password will be accepted.
+
+ Example URL:
+ https://api.pwnedpasswords.com/range/{SHA1PREFIX}
+
+ LAM will build a SHA1 hash of the password and send parts of it to
+ the service.
+
+ The configured URL must contain the wildcard "{SHA1PREFIX}" which
+ will be replaced with the 5 character hash prefix. The service must then
+ return a list of text lines in the format "<hash
+ suffix>:<number>".
+
+ "<hash suffix>" needs to be the suffix of a known insecure
+ password. The "<number>" can be any numeric value and will be
+ ignored by LAM.
+
+ Example:
+
+ Password hash: 21BD10018A45C4D1DEF81644B54AB7F969B88D65
+
+ Hash prefix sent to service: 21BD1
+
+ Returned line: 0018A45C4D1DEF81644B54AB7F969B88D65:1
+
+ This will reject the password.
diff --git a/lam/docs/manual-sources/chapter-installation.xml b/lam/docs/manual-sources/chapter-installation.xml
index fdce108f..bb8116f1 100644
--- a/lam/docs/manual-sources/chapter-installation.xml
+++ b/lam/docs/manual-sources/chapter-installation.xml
@@ -574,6 +574,12 @@
version. Unless explicitly noticed there is no need to install an
intermediate release.
+
+ 6.3 -> 6.4
+
+ No actions needed.
+
+
6.2 -> 6.3
diff --git a/lam/docs/manual-sources/images/configGeneral1.png b/lam/docs/manual-sources/images/configGeneral1.png
index 121da807..6b62b70d 100644
Binary files a/lam/docs/manual-sources/images/configGeneral1.png and b/lam/docs/manual-sources/images/configGeneral1.png differ
diff --git a/lam/docs/manual-sources/images/configGeneral2.png b/lam/docs/manual-sources/images/configGeneral2.png
index c79ac2f5..dbb642a5 100644
Binary files a/lam/docs/manual-sources/images/configGeneral2.png and b/lam/docs/manual-sources/images/configGeneral2.png differ
diff --git a/lam/docs/manual-sources/images/configGeneral3.png b/lam/docs/manual-sources/images/configGeneral3.png
index 31cb39a3..ec3f29bc 100644
Binary files a/lam/docs/manual-sources/images/configGeneral3.png and b/lam/docs/manual-sources/images/configGeneral3.png differ
diff --git a/lam/docs/manual-sources/images/configGeneral4.png b/lam/docs/manual-sources/images/configGeneral4.png
index dae51824..759f9c3d 100644
Binary files a/lam/docs/manual-sources/images/configGeneral4.png and b/lam/docs/manual-sources/images/configGeneral4.png differ
diff --git a/lam/docs/manual-sources/images/configGeneral5.png b/lam/docs/manual-sources/images/configGeneral5.png
index 762bd1cc..4a5ae908 100644
Binary files a/lam/docs/manual-sources/images/configGeneral5.png and b/lam/docs/manual-sources/images/configGeneral5.png differ
diff --git a/lam/docs/manual-sources/images/configGeneral6.png b/lam/docs/manual-sources/images/configGeneral6.png
index 65cc8b81..65f311ec 100644
Binary files a/lam/docs/manual-sources/images/configGeneral6.png and b/lam/docs/manual-sources/images/configGeneral6.png differ
diff --git a/lam/docs/manual-sources/images/configGeneral7.png b/lam/docs/manual-sources/images/configGeneral7.png
index a06c3241..dd4e1869 100644
Binary files a/lam/docs/manual-sources/images/configGeneral7.png and b/lam/docs/manual-sources/images/configGeneral7.png differ
diff --git a/lam/help/help.inc b/lam/help/help.inc
index 9cd82dd9..73db1ccf 100644
--- a/lam/help/help.inc
+++ b/lam/help/help.inc
@@ -172,7 +172,7 @@ $helpArray = array (
"248" => array ("Headline" => _('Password must not contain part of user/first/last name'),
"Text" => _('Specifies if the password must not contain 3 or more characters of the user/first/last name.')),
"249" => array ("Headline" => _('External password check'),
- "Text" => _('Please specify the URL (e.g. "https://api.pwnedpasswords.com/range/{SHA1PREFIX}") of your external password check and the severity if the check fails.')),
+ "Text" => _('Please specify the URL (e.g. "https://api.pwnedpasswords.com/range/{SHA1PREFIX}") of your external password check.')),
"250" => array ("Headline" => _("Filter"),
"Text" => _("Here you can input simple filter expressions (e.g. 'value' or 'v*'). The filter is case-sensitive.")),
"260" => array ("Headline" => _("Additional LDAP filter"),