%PDF- %PDF-
Direktori : /usr/share/doc/libcrack2/ |
Current File : //usr/share/doc/libcrack2/libcrack2.html |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >cracklib2 - a pro-active password library</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"></HEAD ><BODY CLASS="article" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="ARTICLE" ><DIV CLASS="TITLEPAGE" ><H1 CLASS="title" ><A NAME="AEN1" >cracklib2 - a pro-active password library</A ></H1 ><H3 CLASS="author" ><A NAME="AEN51" >Jean Pierre LeJacq</A ></H3 ><H3 CLASS="author" ><A NAME="AEN56" >Martin Pitt</A ></H3 ><H3 CLASS="author" ><A NAME="AEN61" >Jan Dittberner</A ></H3 ><P CLASS="copyright" >Copyright © 1998, 1999 Jean Pierre LeJacq</P ><P CLASS="copyright" >Copyright © 2003 Martin Pitt</P ><P CLASS="copyright" >Copyright © 2008 Jan Dittberner</P ><P CLASS="pubdate" >$Date$<BR></P ><DIV ><DIV CLASS="abstract" ><P ></P ><A NAME="AEN4" ></A ><P ><SPAN CLASS="application" >cracklib2</SPAN > is a library containing a C function which may be used in a <A HREF="/cgi-bin/man/man2html/passwd+1" TARGET="_top" >passwd (1)</A > like program. The idea is simple: try to prevent users from choosing passwords that could be guessed by <A HREF="http://www.crypticide.com/alecm/security/c50-faq.html" TARGET="_top" ><SPAN CLASS="application" ><TT CLASS="filename" >crack</TT ></SPAN ></A > by filtering them out, at source. <SPAN CLASS="application" >cracklib2</SPAN > is <SPAN CLASS="emphasis" ><I CLASS="emphasis" >not</I ></SPAN > a replacement <A HREF="/cgi-bin/man/man2html/passwd+1" TARGET="_top" >passwd (1)</A > program. <SPAN CLASS="application" >cracklib2</SPAN > is a <SPAN CLASS="emphasis" ><I CLASS="emphasis" >library</I ></SPAN >.</P ><P ><SPAN CLASS="application" >cracklib2</SPAN > is an offshoot of version 5 of the <A HREF="http://www.crypticide.org/users/alecm/security/c50-faq.html" TARGET="_top" ><SPAN CLASS="application" ><TT CLASS="filename" >crack</TT ></SPAN ></A > software and contains a considerable number of ideas nicked from the new software.</P ><P ><SPAN CLASS="application" >cracklib2</SPAN >'s <A HREF="http://www.crypticide.org/dropsafe/about" TARGET="_top" >original home page</A > provides some links on security publications and access to source code written by the author of <SPAN CLASS="application" >cracklib2</SPAN >. While there is a <A HREF="README" TARGET="_top" >README</A > there is not much documentation available on <SPAN CLASS="application" >cracklib2</SPAN >. Hopefully this page that I generated for the <A HREF="http://www.debian.org" TARGET="_top" >Debian/GNU Linux</A > distribution will improve this situation.</P ><P ><SPAN CLASS="application" >cracklib2</SPAN > has been forked by <FONT COLOR="RED" ><SPAN CLASS="firstname" >Nathan</SPAN ><SPAN CLASS="surname" >Neulinger</SPAN ></FONT > who is now coordinating the further development. This fork has been blessed by the original maintainer in <A HREF="http://www.crypticide.com/dropsafe/article/1019" TARGET="_top" >this article</A >. The new upstream branch is hosted at the <A HREF="http://sourceforge.net/projects/cracklib" TARGET="_top" ><SPAN CLASS="application" >cracklib2</SPAN > <SPAN CLASS="trademark" >SourceForge</SPAN >™ project page</A >.</P ><P ></P ></DIV ></DIV ><HR></DIV ><DIV CLASS="TOC" ><DL ><DT ><B >Table of Contents</B ></DT ><DT >1. <A HREF="#AEN67" >Why <SPAN CLASS="application" >cracklib2</SPAN >?</A ></DT ><DT >2. <A HREF="#AEN72" >Who is responsible for all of this?</A ></DT ><DT >3. <A HREF="#AEN93" >How to use <SPAN CLASS="application" >cracklib2</SPAN > with Debian</A ></DT ><DT >4. <A HREF="#AEN111" >Debian <SPAN CLASS="application" >cracklib2</SPAN > package overview</A ></DT ></DL ></DIV ><DIV CLASS="section" ><H2 CLASS="section" ><A NAME="AEN67" >1. Why <SPAN CLASS="application" >cracklib2</SPAN >?</A ></H2 ><P >One of the most common security weaknesses in computer systems is the use of easily guessed passwords. <SPAN CLASS="application" >cracklib2</SPAN > tries to prevent the selection of weak passwords by checking potential passwords against dictionaries of commonly used or easily guessed words.</P ></DIV ><DIV CLASS="section" ><HR><H2 CLASS="section" ><A NAME="AEN72" >2. Who is responsible for all of this?</A ></H2 ><P ><A HREF="mailto:alecm@crypticide.com" TARGET="_top" >Alec Muffet</A > is the author of <SPAN CLASS="application" >cracklib2</SPAN >. <A HREF="mailto:jplejacq@quoininc.com" TARGET="_top" >Jean Pierre LeJacq</A > initially produced this Debian package, <A HREF="mailto:mpitt@debian.org" TARGET="_top" >Martin Pitt</A > is its current maintainer. <A HREF="mailto:jandd@debian.org" TARGET="_top" >Jan Dittberner</A > packaged the new upstream version of <SPAN CLASS="application" >cracklib2</SPAN > and updated the documentation.</P ></DIV ><DIV CLASS="section" ><HR><H2 CLASS="section" ><A NAME="AEN93" >3. How to use <SPAN CLASS="application" >cracklib2</SPAN > with Debian</A ></H2 ><P >Ideally, the password quality check should be done when an user sets his/her password. The PAM (Pluggable Authentication Modules) architecture makes it easy to integrate arbitrary checks (like <SPAN CLASS="application" >cracklib2</SPAN >) into programs like <SPAN CLASS="application" ><TT CLASS="filename" >passwd</TT ></SPAN > and <SPAN CLASS="application" ><TT CLASS="filename" >ssh</TT ></SPAN >.</P ><P >To use <SPAN CLASS="application" >cracklib2</SPAN > in Debian, install the package <FONT COLOR="RED" >libpam_cracklib</FONT > and follow the instructions to enable <FONT COLOR="RED" >libpam_cracklib</FONT > in <TT CLASS="filename" >/etc/pam.d/common-password</TT >.</P ><P >From now on,<SPAN CLASS="application" >cracklib2</SPAN > checks the password quality whenever a password is changed with <SPAN CLASS="application" ><TT CLASS="filename" >passwd</TT ></SPAN > and rejects bad ones.</P ></DIV ><DIV CLASS="section" ><HR><H2 CLASS="section" ><A NAME="AEN111" >4. Debian <SPAN CLASS="application" >cracklib2</SPAN > package overview</A ></H2 ><P >The source package is <FONT COLOR="RED" >cracklib2</FONT > which generates the following binary packages:</P ><P ></P ><DIV CLASS="variablelist" ><DL ><DT ><FONT COLOR="RED" >libcrack2</FONT ></DT ><DD ><P >Shared library and this documentation.</P ></DD ><DT ><FONT COLOR="RED" >libcrack2-dev</FONT ></DT ><DD ><P >Header files, static libraries, and symbolic links developers using <SPAN CLASS="application" >cracklib2</SPAN > will need. This package also provides an example program that shows the usage of <SPAN CLASS="application" >cracklib2</SPAN > in own applications.</P ></DD ><DT ><FONT COLOR="RED" >cracklib-runtime</FONT ></DT ><DD ><P >Run-time support programs which use the shared library in <FONT COLOR="RED" >libcrack2</FONT > including programs to build the password dictionary databases used by the functions in the shared library.</P ></DD ><DT ><FONT COLOR="RED" >python-cracklib</FONT ></DT ><DD ><P >This package provides Python bindings for the shared library in <FONT COLOR="RED" >libcrack2</FONT >.</P ></DD ></DL ></DIV ><P >This package does not include dictionaries since there are already lots of them in Debian (<FONT COLOR="RED" >wenglish</FONT >, <FONT COLOR="RED" >wngerman</FONT >, etc.).</P ></DIV ></DIV ></BODY ></HTML >