diff options
Diffstat (limited to 'security/cracklib/files')
-rw-r--r-- | security/cracklib/files/cracklib.3 | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/security/cracklib/files/cracklib.3 b/security/cracklib/files/cracklib.3 new file mode 100644 index 00000000000..120d17b4223 --- /dev/null +++ b/security/cracklib/files/cracklib.3 @@ -0,0 +1,105 @@ +.TH CRACKLIB 3 +.SH NAME +FascistCheck \- check a potential password for guessability +.SH LIBRARY +Cracklib (libcrack, -lcrack) +.SH SYNOPSIS +.nf +.ft B +#include <packer.h> +.ft +.LP +.nf +.ft B +char *FascistCheck(char *pw, char *dictpath) +.ft +.SH DESCRIPTION +.PP +.B CrackLib +is a library containing a C function which may be used in a +.BR passwd (1)-like +program. +.PP +The idea is simple: try to prevent users from choosing passwords that +could be guessed by +.B Crack +by filtering them out, at source. +.PP +.B FascistCheck(\|) +takes two arguments: +.TP 10 +.I pw +a string containing the user's chosen "potential password" +.TP +.I dictpath +the full path name of the +.B CrackLib +dictionary, without the suffix +.PP +.B CrackLib +is an offshoot of the the version 5 +.B Crack +software, and contains a considerable number of ideas nicked from the +new software. +.PP +.B CrackLib +makes literally hundreds of tests to determine whether you've +chosen a bad password. +.RS +.TP 3n +\(bu +It tries to generate words from your username and gecos entry to +try to match them against what you've chosen. +.PD 0 +.TP +\(bu +It checks for simplistic patterns. +.TP +\(bu +It then tries to reverse-engineer your password into a dictionary +word, and searches for it in your dictionary. +.PD +.RE +.PP +After all that, it's +.I probably +a safe(-ish) password. +.SH "RETURN VALUE" +.B FascistCheck(\|) +returns the +.SM NULL +pointer for a good password or a pointer to a diagnostic string if it +is a bad password. +.SH BUGS +.LP +It can't catch everything. +Just most things. +.LP +It calls \fCgetpwuid(getuid())\fR to look up the user, +which +.I may +affect poorly written programs. +.LP +Using more than one dictionary file, \fIe.g.\fP: +.ft C + + char *msg; + + if (msg = FascistCheck(pw, "onepath") || + msg = FascistCheck(pw, "anotherpath")) { + printf("Bad Password: because %s\\n", msg); + } +.ft +.LP +works, but it's a kludge. +.ft B +Avoid it if possible. +.ft +Using just the one dictionary is more efficient, anyway. +.LP +.B PWOpen(\|) +routines should cope with having more than one dictionary open at a +time. +.SH "SEE ALSO" +.BR passwd (1), +.BR getpwuid (3), |