Whole document tree
    

Whole document tree

cracklib2 - development tools

cracklib2 - development tools

cracklib2 is a library containing a C function which may be used in a passwd like program. The idea is simple: try to prevent users from choosing passwords that could be guessed by crack by filtering them out, at source. cracklib2 is not a replacement passwd program. cracklib2 is a library.

cracklib2-dev contains the header files, static libraries, documentation, and symbolic links developers using cracklib2 will need.

Index

  1. General documentation on cracklib2.
  2. How to use cracklib2 with Debian.
    1. Debian shadow package.
    2. Debian pam package.
  3. cracklib2 man page.
  4. Example using cracklib2.
    1. Program.
    2. Makefile.

How to use cracklib2 with Debian

In Debian the binary packages login and passwd (both part of the source package shadow) and pam have some support for cracklib2. I've successfully built the shadow source package with cracklib2 support.

Debian shadow package

To use cracklib2 with the shadow package, you'll need to download the source package and rebuild the package on your machine. You'll obviously need the development environment. Fortunately, no changes in the source code or Debian modifications need to be made since the autoconf programs will automatically detect that cracklib2 is installed. The only requirement is that cracklib2 must be installed prior to rebuilding shadow.

After installing the rebuilt resulting binary packages, you'll need to modify the file /etc/login.defs. Set the entry for CRACKLIB_DICTPATH to the location of the cracklib2 dictionary database. This would normally be /var/cache/cracklib/cracklib_dict.

Next, you'll need to define what word list should be used to construct the /var/cache/cracklib/cracklib_dict database. Do this by adding additional entries in /etc/cracklib/cracklib.conf.

Finally, you'll need the utilities from the cracklib-runtime to build the dictionary databases that are needed by the shadow package that you built earlier.

That's it! Now every time a user changes or initially sets their password, it will be checked against the cracklib2 database.

Debian pam package

The Debian pam source packages has the pam_cracklib pluggable module that supports cracklib2. Unfortunately, I haven't investigated if it works or the steps required.


Copyright © 1998, 1999 Jean Pierre LeJacq
Distributed under the GNU GENERAL PUBLIC LICENSE.
last-modified: Wed, 3 Oct 2001 00:37:09 +0000