1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
|
<?xml version="1.0"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<article class="productsheet">
<title>cracklib2 - a pro-active password library</title>
<articleinfo>
<abstract>
<para><application>cracklib2</application> is a library
containing a C function which may be used in a <ulink
url="/cgi-bin/man/man2html/passwd+1">passwd
(1)</ulink> like program. The idea is simple: try to prevent
users from choosing passwords that could be guessed by <ulink
url="http://www.crypticide.com/alecm/security/c50-faq.html"><application><filename>crack</filename></application></ulink>
by filtering them out, at
source. <application>cracklib2</application> is
<emphasis>not</emphasis> a replacement <ulink
url="/cgi-bin/man/man2html/passwd+1">passwd
(1)</ulink> program. <application>cracklib2</application> is a
<emphasis>library</emphasis>.</para>
<para><application>cracklib2</application> is an offshoot of
version 5 of the <ulink
url="http://www.crypticide.org/users/alecm/security/c50-faq.html"><application><filename>crack</filename></application></ulink>
software and contains a considerable number of ideas nicked from
the new software.</para>
<para><application>cracklib2</application>'s <ulink
url="http://www.crypticide.org/dropsafe/about">original home
page</ulink> provides some links on security publications and
access to source code written by the author of
<application>cracklib2</application>. While there is a <ulink
url="README">README</ulink> there is not much documentation
available on <application>cracklib2</application>. Hopefully
this page that I generated for the <ulink
url="http://www.debian.org">Debian/GNU Linux</ulink>
distribution will improve this situation.</para>
<para><application>cracklib2</application> has been forked by
<personname><firstname>Nathan</firstname><surname>Neulinger</surname></personname>
who is now coordinating the further development. This fork has
been blessed by the original maintainer in <ulink
url="http://www.crypticide.com/dropsafe/article/1019">this
article</ulink>. The new upstream branch is hosted at the <ulink
url="http://sourceforge.net/projects/cracklib"><application>cracklib2</application>
<trademark>SourceForge</trademark> project page</ulink>.</para>
</abstract>
<copyright>
<year>1998</year>
<year>1999</year>
<holder>Jean Pierre LeJacq</holder>
</copyright>
<copyright>
<year>2003</year>
<holder>Martin Pitt</holder>
</copyright>
<copyright>
<year>2008</year>
<holder>Jan Dittberner</holder>
</copyright>
<legalnotice>
<para>This package and this document is free software; you may
redistribute it and/or modify it under the terms of the GNU
General Public License version 2 as published by the Free
Software Foundation.</para>
<para>A copy of the GNU General Public License version 2 is
available as /usr/share/common-licenses/GPL-2 in the Debian
GNU/Linux distribution or on the World Wide Web at <ulink
url="http://www.gnu.org/copyleft/gpl.html">http://www.gnu.org/copyleft/gpl.html</ulink>. You
can also obtain it by writing to the Free Software Foundation,
Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
USA.</para>
</legalnotice>
<author>
<firstname>Jean Pierre</firstname>
<surname>LeJacq</surname>
<contrib>Original Debian packaging</contrib>
<email>jplejacq@quoininc.com</email>
</author>
<author>
<firstname>Martin</firstname>
<surname>Pitt</surname>
<contrib>Debian package maintainer before version 2.8.</contrib>
<email>mpitt@debian.org</email>
</author>
<author>
<firstname>Jan</firstname>
<surname>Dittberner</surname>
<contrib>Reformulation to DocBook XML, updated to reflect new
packaging and upstream version. Current Debian package
maintainer.</contrib>
<email>jandd@debian.org</email>
</author>
<pubdate>$Date$</pubdate>
</articleinfo>
<section>
<title>Why <application>cracklib2</application>?</title>
<para>One of the most common security weaknesses in computer
systems is the use of easily guessed
passwords. <application>cracklib2</application> tries to prevent
the selection of weak passwords by checking potential passwords
against dictionaries of commonly used or easily guessed
words.</para>
</section>
<section>
<title>Who is responsible for all of this?</title>
<para><ulink
url="mailto:alecm@crypticide.com"><author><firstname>Alec</firstname><surname>Muffet</surname></author></ulink>
is the author of <application>cracklib2</application>. <ulink
url="mailto:jplejacq@quoininc.com"><author><firstname>Jean
Pierre</firstname><surname>LeJacq</surname></author></ulink>
initially produced this Debian package, <ulink
url="mailto:mpitt@debian.org"><author><firstname>Martin</firstname><surname>Pitt</surname></author></ulink>
is its current maintainer. <ulink
url="mailto:jandd@debian.org"><author><firstname>Jan</firstname><surname>Dittberner</surname></author></ulink>
packaged the new upstream version of
<application>cracklib2</application> and updated the
documentation.</para>
</section>
<section>
<title>How to use <application>cracklib2</application> with
Debian</title>
<para>Ideally, the password quality check should be done when an
user sets his/her password. The PAM (Pluggable Authentication
Modules) architecture makes it easy to integrate arbitrary checks
(like <application>cracklib2</application>) into programs like
<application><filename>passwd</filename></application> and
<application><filename>ssh</filename></application>.</para>
<para>To use <application>cracklib2</application> in Debian,
install the package <package>libpam_cracklib</package> and follow
the instructions to enable <package>libpam_cracklib</package> in
<filename>/etc/pam.d/common-password</filename>.</para>
<para>From now on,<application>cracklib2</application> checks the
password quality whenever a password is changed with
<application><filename>passwd</filename></application> and rejects
bad ones.</para>
</section>
<section>
<title>Debian <application>cracklib2</application> package overview</title>
<para>The source package is <package>cracklib2</package> which
generates the following binary packages:</para>
<variablelist>
<varlistentry>
<term><package>libcrack2</package></term>
<listitem><para>Shared library and this
documentation.</para></listitem>
</varlistentry>
<varlistentry>
<term><package>libcrack2-dev</package></term>
<listitem><para>Header files, static libraries, and symbolic
links developers using <application>cracklib2</application>
will need. This package also provides an example program that
shows the usage of <application>cracklib2</application> in own
applications.</para></listitem>
</varlistentry>
<varlistentry>
<term><package>cracklib-runtime</package></term>
<listitem><para>Run-time support programs which use the shared
library in <package>libcrack2</package> including programs to
build the password dictionary databases used by the functions
in the shared library.</para></listitem>
</varlistentry>
<varlistentry>
<term><package>python-cracklib</package></term>
<listitem><para>This package provides Python bindings for the
shared library in
<package>libcrack2</package>.</para></listitem>
</varlistentry>
</variablelist>
<para>This package does not include dictionaries since there are
already lots of them in Debian (<package>wenglish</package>,
<package>wngerman</package>, etc.).</para>
</section>
</article>
|
