aboutsummaryrefslogtreecommitdiffstats
path: root/security/cracklib/files
diff options
context:
space:
mode:
Diffstat (limited to 'security/cracklib/files')
-rw-r--r--security/cracklib/files/cracklib.3105
1 files changed, 105 insertions, 0 deletions
diff --git a/security/cracklib/files/cracklib.3 b/security/cracklib/files/cracklib.3
new file mode 100644
index 00000000000..120d17b4223
--- /dev/null
+++ b/security/cracklib/files/cracklib.3
@@ -0,0 +1,105 @@
+.TH CRACKLIB 3
+.SH NAME
+FascistCheck \- check a potential password for guessability
+.SH LIBRARY
+Cracklib (libcrack, -lcrack)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <packer.h>
+.ft
+.LP
+.nf
+.ft B
+char *FascistCheck(char *pw, char *dictpath)
+.ft
+.SH DESCRIPTION
+.PP
+.B CrackLib
+is a library containing a C function which may be used in a
+.BR passwd (1)-like
+program.
+.PP
+The idea is simple: try to prevent users from choosing passwords that
+could be guessed by
+.B Crack
+by filtering them out, at source.
+.PP
+.B FascistCheck(\|)
+takes two arguments:
+.TP 10
+.I pw
+a string containing the user's chosen "potential password"
+.TP
+.I dictpath
+the full path name of the
+.B CrackLib
+dictionary, without the suffix
+.PP
+.B CrackLib
+is an offshoot of the the version 5
+.B Crack
+software, and contains a considerable number of ideas nicked from the
+new software.
+.PP
+.B CrackLib
+makes literally hundreds of tests to determine whether you've
+chosen a bad password.
+.RS
+.TP 3n
+\(bu
+It tries to generate words from your username and gecos entry to
+try to match them against what you've chosen.
+.PD 0
+.TP
+\(bu
+It checks for simplistic patterns.
+.TP
+\(bu
+It then tries to reverse-engineer your password into a dictionary
+word, and searches for it in your dictionary.
+.PD
+.RE
+.PP
+After all that, it's
+.I probably
+a safe(-ish) password.
+.SH "RETURN VALUE"
+.B FascistCheck(\|)
+returns the
+.SM NULL
+pointer for a good password or a pointer to a diagnostic string if it
+is a bad password.
+.SH BUGS
+.LP
+It can't catch everything.
+Just most things.
+.LP
+It calls \fCgetpwuid(getuid())\fR to look up the user,
+which
+.I may
+affect poorly written programs.
+.LP
+Using more than one dictionary file, \fIe.g.\fP:
+.ft C
+
+ char *msg;
+
+ if (msg = FascistCheck(pw, "onepath") ||
+ msg = FascistCheck(pw, "anotherpath")) {
+ printf("Bad Password: because %s\\n", msg);
+ }
+.ft
+.LP
+works, but it's a kludge.
+.ft B
+Avoid it if possible.
+.ft
+Using just the one dictionary is more efficient, anyway.
+.LP
+.B PWOpen(\|)
+routines should cope with having more than one dictionary open at a
+time.
+.SH "SEE ALSO"
+.BR passwd (1),
+.BR getpwuid (3),