<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<title>cracklib2 - a pro-active password library</title>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
<meta http-equiv="keywords" content="crack, cracklib, password, security" />
</head>
<body>
<h1>cracklib2 - a pro-active password library</h1>
<p>
<code>cracklib2</code> is a library containing a C function which may be
used in a <a
href="/cgi-bin/man2html/usr/share/man/man1/passwd.1.gz"><code>passwd</code></a>
like program. The idea is simple: try to prevent users from choosing
passwords that could be guessed by <a
href="http://www.crypticide.org/users/alecm/"><code>crack</code></a> by filtering them out, at
source. <code>cracklib2</code> is <em>not</em> a replacement <a
href="/cgi-bin/man2html/usr/share/man/man1/passwd.1.gz"><code>passwd</code></a>
program. <code>cracklib2</code> is a <em>library</em>.
</p>
<p>
<code>cracklib2</code> is an offshoot of version 5 of the <a
href="http://www.crypticide.org/users/alecm/"><code>crack</code></a> software and contains a
considerable number of ideas nicked from the new software.
</p>
<p>
<code>cracklib2</code>'s <a href="http://www.crypticide.org/users/alecm/">home page</a> provides
some links on security publications and access to source code written by
the author of <code>cracklib2</code>. While there is a <a
href="README">README</a> there is not much documentation available on
<code>cracklib2</code>. Hopefully this page that I generated for the <a
href="http://www.debian.org">Debian/GNU Linux</a> distribution will
improve this situation.
</p>
<h2>Index</h2>
<ol>
<li> <a href="#cracklib.uses">Why <code>cracklib2</code>?</a> </li>
<li> <a href="#cracklib.authors">Who is responsible for all of this?</a> </li>
<li> <a href="#cracklib.howtouse">How to use <code>cracklib2</code> with Debian</a></li>
<li> <a href="#cracklib.debian.package">Debian <code>cracklib2</code> package
overview.</a> </li>
<li>
<a href="../cracklib-runtime/cracklib-runtime.html">Debian
<code>cracklib-runtime</code> utilities.</a> (only available if
<code>cracklib-runtime</code> package installed)
</li>
<li> <a href="changelog.Debian.gz">Debian changelog.</a> </li>
<li> <a href="changelog.gz">Upstream changelog.</a> </li>
<li> <a href="copyright">Copyright file.</a> </li>
</ol>
<hr/>
<h2> <a id="cracklib.uses">Why <code>cracklib2</code>?</a> </h2>
<p>
One of the most common security weaknesses in computer systems is the use
of easily guessed passwords. <code>cracklib2</code> tries to prevent the
selection of weak passwords by checking potential passwords against <a
href="#cracklib.dictionaries">dictionaries</a> of commonly used or easily
guessed words.
</p>
<h2> <a id="cracklib.authors">Who is responsible for all of this?</a> </h2>
<p> <a href="mailto:alecm@crypticide.com">Alec Muffett
&lt;alecm@crypticide.com&gt;</a> is the author of
<code>cracklib2</code>. <a href="mailto:jplejacq@quoininc.com">Jean Pierre
LeJacq &lt;jplejacq@quoininc.com&gt;</a> initially produced this Debian
package; <a href="mailto:mpitt@debian.org">Martin Pitt
&lt;mpitt@debian.org&gt;</a> is its current maintainer.
</p>
<h2> <a id="cracklib.howtouse">How to use cracklib2 with Debian</a></h2>
<p>
Ideally, the password quality check should be done when a user
sets his/her password. The PAM (Pluggable Authentication Modules)
architecture makes it easy to integrate arbitrary checks (like
cracklib2) into programs like <code>passwd</code> and
<code>ssh</code>.
</p>
<p>To use cracklib2 in Debian, install the package
<code>libpam-cracklib</code> and append the following two lines to
<code>/etc/pam.d/passwd</code>:</p>
<pre>
password required pam_cracklib.so retry=3 minlen=6 difok=3
@include other</pre>
<p>From now on, cracklib2 checks the password quality whenever a
password is changed with <code>passwd</code> and rejects bad
ones.</p>
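<p>The following is an added example, not part of the cracklib2 package or
the original page: a small Python audit that parses a PAM service file and
reports whether <code>pam_cracklib.so</code> is wired into the password stack
as shown above. The function names, the <code>min_minlen</code> floor and the
sample text are assumptions made for illustration; the ordering check treats
any earlier <code>@include</code> as something that might already set the
password.</p>

```python
import re

# Constructed sample: the two lines from this page in a service file.
SAMPLE = """\
# /etc/pam.d/passwd (constructed sample)
password required pam_cracklib.so retry=3 minlen=6 difok=3
@include other
"""
RULE_RE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return entries in file order: ("include", name) or
    ("rule", type, control, module, {option: value})."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) == 2 and parts[0] == "@include":
            entries.append(("include", parts[1]))
            continue
        m = RULE_RE.match(line)
        if m:
            mtype, control, module, args = m.groups()
            opts = dict(a.partition("=")[::2] for a in args.split())
            entries.append(("rule", mtype.lower(), control,
                            module.rsplit("/", 1)[-1], opts))
    return entries

def audit_cracklib(text, min_minlen=6):
    """Return findings; an empty list means the check is wired in as on the page.
    min_minlen is an assumed local policy floor, defaulting to the page's value."""
    entries = parse_pam(text)
    idx = next((i for i, e in enumerate(entries) if e[0] == "rule"
                and e[1] == "password" and e[3] == "pam_cracklib.so"), None)
    if idx is None:
        return ["pam_cracklib.so is not in the password stack"]
    control, opts = entries[idx][2], entries[idx][4]
    findings = []
    if control not in ("required", "requisite"):
        findings.append(f"control '{control}' may let a rejected password through")
    minlen = opts.get("minlen", "")
    if minlen.isdigit() and int(minlen) < min_minlen:
        findings.append(f"minlen={minlen} is below {min_minlen}")
    # Modules run in file order: anything earlier that stores the password
    # would act before the quality check.
    for e in entries[:idx]:
        if e[0] == "include" or (e[1] == "password" and e[3] == "pam_unix.so"):
            name = e[1] if e[0] == "include" else e[3]
            findings.append(f"{name} precedes pam_cracklib.so")
    return findings
```

<p>Run <code>audit_cracklib()</code> on the contents of
<code>/etc/pam.d/passwd</code> after editing it; an empty list means the
module is present, enforced, and placed before the rest of the stack.</p>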
<h2><a id="cracklib.debian.package">Debian <code>cracklib2</code> package
overview.</a></h2>
<p> The source package is <code>cracklib2</code> which generates the following
binary packages: </p>
<dl>
<dt><code>cracklib2</code></dt>
<dd>Shared library and this documentation.</dd>
<dt><code>cracklib2-dev</code></dt>
<dd>
Header files, static libraries, and symbolic links that
developers using <code>cracklib2</code> will need. This
package also provides an example program that shows how to use
<code>cracklib2</code> in your own applications.
</dd>
<dt><code>cracklib-runtime</code></dt>
<dd>
Run-time support programs which use the shared library in
<code>cracklib2</code> including programs to build the password
dictionary databases used by the functions in the shared library.
</dd>
</dl>
<p> This package does not include dictionaries since there are
already lots of them in Debian (<code>wenglish</code>,
<code>wngerman</code>, etc.). </p>
<hr/>
<p>
Original Copyright © 1998, 1999
<a href="mailto:jplejacq@quoininc.com">Jean Pierre LeJacq</a>
<br/>
Currently maintained by <a href="mailto:mpitt@debian.org">Martin Pitt</a>
<br/>
Distributed under the <a href="../../common-licenses/GPL">GNU GENERAL PUBLIC
LICENSE</a>.
<br/>
last-modified: Thu, 21 Oct 2003
</p>
</body>
</html>