Context Navigation

source: postlfs/security/cracklib.xml@ 026f189

Visit:

trunk

Last change on this file since 026f189 was c1fef61d, checked in by Douglas R. Reno <renodr@…>, 6 weeks ago
cracklib: Remove two instructions which are no longer needed
Property mode set to `100644`
File size: 12.2 KB

Rev	Line
[ab4fdfc]	1	<?xml version="1.0" encoding="UTF-8"?>
[6732c094]	2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
	3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
[b4b71892]	4	<!ENTITY % general-entities SYSTEM "../../general.ent">
	5	%general-entities;
	6
[1b6c879]	7	<!ENTITY cracklib-url "https://github.com/cracklib/cracklib/releases/download">
[9912ce81]	8
[0b8fb2f]	9	<!ENTITY cracklib-download-http "&cracklib-url;/v&cracklib-version;/cracklib-&cracklib-version;.tar.xz">
[306fb0e]	10	<!ENTITY cracklib-download-ftp " ">
[61610ce]	11	<!ENTITY cracklib-md5sum "a99e0aef4c677df7063624690b634988">
[c0f934f0]	12	<!ENTITY cracklib-size "456 KB">
	13	<!ENTITY cracklib-buildsize "5.0 MB">
[f260307]	14	<!ENTITY cracklib-time "less than 0.1 SBU">
[1f4d911]	15
[0b8fb2f]	16	<!ENTITY crackdict-download "&cracklib-url;/v&cracklib-version;/cracklib-words-&cracklib-version;.xz">
	17	<!ENTITY crackdict-size "4.0 MB">
	18	<!ENTITY crackdict-md5sum "f27804022dbf2682a7f7c353317f9a53">
[b4b71892]	19	]>
	20
[8b1b2dc7]	21	<sect1 id="cracklib" xreflabel="CrackLib-&cracklib-version;">
[9623b6e8]	22	<?dbhtml filename="cracklib.html"?>
	23
	24
[8b1b2dc7]	25	<title>CrackLib-&cracklib-version;</title>
[9623b6e8]	26
	27	<indexterm zone="cracklib">
[8b1b2dc7]	28	<primary sortas="a-CrackLib">CrackLib</primary>
[9623b6e8]	29	</indexterm>
	30
	31	<sect2 role="package">
[8b1b2dc7]	32	<title>Introduction to CrackLib</title>
[9623b6e8]	33
[47274444]	34	<para>
	35	The <application>CrackLib</application> package contains a
	36	library used to enforce strong passwords by comparing user selected
	37	passwords to words in chosen word lists.
	38	</para>
[9623b6e8]	39
[d4dc5bae]	40	&lfs122_checked;
[5f4181d]	41
[9623b6e8]	42	<bridgehead renderas="sect3">Package Information</bridgehead>
	43	<itemizedlist spacing="compact">
	44	<listitem>
[47274444]	45	<para>
	46	Download (HTTP): <ulink url="&cracklib-download-http;"/>
	47	</para>
[9623b6e8]	48	</listitem>
	49	<listitem>
[47274444]	50	<para>
	51	Download (FTP): <ulink url="&cracklib-download-ftp;"/>
	52	</para>
[9623b6e8]	53	</listitem>
	54	<listitem>
[47274444]	55	<para>
	56	Download MD5 sum: &cracklib-md5sum;
	57	</para>
[9623b6e8]	58	</listitem>
	59	<listitem>
[47274444]	60	<para>
	61	Download size: &cracklib-size;
	62	</para>
[9623b6e8]	63	</listitem>
	64	<listitem>
[47274444]	65	<para>
	66	Estimated disk space required: &cracklib-buildsize;
	67	</para>
[9623b6e8]	68	</listitem>
	69	<listitem>
[47274444]	70	<para>
	71	Estimated build time: &cracklib-time;
	72	</para>
[9623b6e8]	73	</listitem>
	74	</itemizedlist>
	75
	76	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
[8f1699f2]	77	<itemizedlist spacing="compact">
[0b8fb2f]	78	<para>Recommended word list for English-speaking countries:</para>
[9623b6e8]	79	<listitem>
[47274444]	80	<para>
[0b8fb2f]	81	Download (HTTP): <ulink url="&crackdict-download;"/>
	82	</para>
	83	</listitem>
	84	<listitem>
	85	<para>
	86	Download MD5 sum: &crackdict-md5sum;
	87	</para>
	88	</listitem>
	89	<listitem>
	90	<para>
[e440af5]	91	Download size: &crackdict-size;
[47274444]	92	</para>
[22861b3]	93	</listitem>
[9623b6e8]	94	</itemizedlist>
	95
[47274444]	96	<para>
	97	There are additional word lists available for download, e.g., from
[cd29bc9]	98	<ulink url="https://wiki.skullsecurity.org/index.php/Passwords"/>.
[47274444]	99	<application>CrackLib</application> can utilize as many, or as few word
	100	lists you choose to install.
	101	</para>
[62494cc]	102
[22861b3]	103	<important>
[47274444]	104	<para>
	105	Users tend to base their passwords on regular words of the spoken
	106	language, and crackers know that. <application>CrackLib</application>
	107	is intended to filter out such bad passwords at the source using a
	108	dictionary created from word lists. To accomplish this, the word
	109	list(s) for use with <application>CrackLib</application> must be an
	110	exhaustive list of words and word-based keystroke combinations likely
	111	to be chosen by users of the system as (guessable) passwords.
	112	</para>
	113
	114	<para>
	115	The default word list recommended above for downloading mostly
	116	satisfies this role in English-speaking countries. In other situations,
	117	it may be necessary to download (or even create) additional word lists.
	118	</para>
	119
	120	<para>
	121	Note that word lists suitable for spell-checking are not usable
	122	as <application>CrackLib</application> word lists in countries with
	123	non-Latin based alphabets, because of <quote>word-based keystroke
	124	combinations</quote> that make bad passwords.
	125	</para>
[22861b3]	126	</important>
[5156197]	127
[9623b6e8]	128	</sect2>
	129
	130	<sect2 role="installation">
[8b1b2dc7]	131	<title>Installation of CrackLib</title>
[4f65b2f]	132
[47274444]	133	<para>
	134	Install <application>CrackLib</application> by running the following
	135	commands:
	136	</para>
[b4b71892]	137
[c1fef61d]	138	<screen><userinput>./configure --prefix=/usr \
[806e763]	139	--disable-static \
[2eb2948]	140	--with-default-dict=/usr/lib/cracklib/pw_dict &&
[8b1b2dc7]	141	make</userinput></screen>
[b4b71892]	142
[47274444]	143	<para>
	144	Now, as the <systemitem class="username">root</systemitem> user:
	145	</para>
[9623b6e8]	146
[2eb2948]	147	<screen role="root"><userinput>make install</userinput></screen>
[22861b3]	148
[47274444]	149	<para>
	150	Issue the following commands as the
	151	<systemitem class="username">root</systemitem> user to install the
	152	recommended word list and create the <application>CrackLib</application>
	153	dictionary. Other word lists (text based, one word per line) can also be
	154	used by simply installing them into
	155	<filename class="directory">/usr/share/dict</filename> and adding them
	156	to the <command>create-cracklib-dict</command> command.
	157	</para>
[22861b3]	158
[0b8fb2f]	159	<screen role="root"><userinput>install -v -m644 -D ../cracklib-words-&cracklib-version;.xz \
	160	/usr/share/dict/cracklib-words.xz &&
[806e763]	161
[0b8fb2f]	162	unxz -v /usr/share/dict/cracklib-words.xz &&
	163	ln -v -sf cracklib-words /usr/share/dict/words &&
	164	echo $(hostname) >> /usr/share/dict/cracklib-extra-words &&
	165	install -v -m755 -d /usr/lib/cracklib &&
[806e763]	166
	167	create-cracklib-dict /usr/share/dict/cracklib-words \
[efd93087]	168	/usr/share/dict/cracklib-extra-words</userinput></screen>
[8b1b2dc7]	169
[47274444]	170	<para>
	171	If desired, check the proper operation of the library as an
	172	unprivileged user by issuing the following command:
	173	</para>
[a4440544]	174
[e7d4e823]	175	<screen remap="test"><userinput>make test</userinput></screen>
[9623b6e8]	176
[c6bdcb0]	177	<important>
[47274444]	178	<para>
	179	If you are installing <application>CrackLib</application> after
	180	your LFS system has been completed and you have the
	181	<application>Shadow</application> package installed, you must
	182	reinstall <xref linkend="shadow"/> if you wish to provide strong
	183	password support on your system. If you are now going to install the
	184	<xref linkend="linux-pam"/> package, you may disregard this note as
	185	<application>Shadow</application> will be reinstalled after the
	186	<application>Linux-PAM</application> installation.
	187	</para>
[c6bdcb0]	188	</important>
	189
[9623b6e8]	190	</sect2>
	191
	192	<sect2 role="commands">
	193	<title>Command Explanations</title>
	194
[c1fef61d]	195	<!-- not needed with 2.10.2
[fb3a93b3]	196	<para>
	197	<command>autoreconf -fiv</command>: The configure script shipped with
	198	the package is too old to get the right version string of Python
	199	3.10 or later. This command regenerates it with a more recent version
	200	of autotools, which fixes the issue.
	201	</para>
	202
[0f0dc82]	203	<para>
	204	<envar>PYTHON=python3</envar>: This forces the installation of
	205	python bindings for Python 3, even if Python 2 is installed.
	206	</para>
[c1fef61d]	207	-->
[0b8fb2f]	208
[47274444]	209	<para>
[875b3b57]	210	<parameter>--with-default-dict=/usr/lib/cracklib/pw_dict</parameter>:
[47274444]	211	This parameter forces the installation of the
	212	<application>CrackLib</application> dictionary to the
	213	<filename class="directory">/lib</filename> hierarchy.
	214	</para>
[8f1699f2]	215
	216	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
	217	href="../../xincludes/static-libraries.xml"/>
[8b1b2dc7]	218
[47274444]	219	<para>
	220	<command>install -v -m644 -D ...</command>: This command creates the
	221	<filename class="directory">/usr/share/dict</filename> directory (if it
	222	doesn't already exist) and installs the compressed word list there.
	223	</para>
	224
	225	<para>
	226	<command>ln -v -s cracklib-words /usr/share/dict/words</command>: The
	227	word list is linked to <filename>/usr/share/dict/words</filename> as
	228	historically, <filename>words</filename> is the primary word list in the
	229	<filename class="directory">/usr/share/dict</filename> directory. Omit
	230	this command if you already have a
	231	<filename>/usr/share/dict/words</filename> file installed on your system.
	232	</para>
	233
	234	<para>
	235	<command>echo $(hostname) >>...</command>: The value of
	236	<command>hostname</command> is echoed to a file called
	237	<filename>cracklib-extra-words</filename>. This extra file is intended
	238	to be a site specific list which includes easy to guess passwords such
	239	as company or department names, user names, product names, computer
	240	names, domain names, etc.
	241	</para>
	242
	243	<para>
	244	<command>create-cracklib-dict ...</command>: This command creates the
	245	<application>CrackLib</application> dictionary from the word lists.
	246	Modify the command to add any additional word lists you have installed.
	247	</para>
[9623b6e8]	248
	249	</sect2>
	250
	251	<sect2 role="content">
	252	<title>Contents</title>
	253
	254	<segmentedlist>
	255	<segtitle>Installed Programs</segtitle>
	256	<segtitle>Installed Libraries</segtitle>
[d80152af]	257	<segtitle>Installed Directories</segtitle>
[9623b6e8]	258
	259	<seglistitem>
[8b1b2dc7]	260	<seg>cracklib-check, cracklib-format, cracklib-packer,
[bc1c6f26]	261	cracklib-unpacker, cracklib-update, and create-cracklib-dict</seg>
[d456f78c]	262
[0f0dc82]	263	<seg>libcrack.so and the _cracklib.so
	264	(<application>Python</application> module)</seg>
[0d7900a]	265
[bc1c6f26]	266	<seg>/usr/lib/cracklib, /usr/share/dict and /usr/share/cracklib</seg>
[9623b6e8]	267	</seglistitem>
	268	</segmentedlist>
	269
	270	<variablelist>
	271	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
	272	<?dbfo list-presentation="list"?>
	273	<?dbhtml list-presentation="table"?>
	274
[efd93087]	275	<varlistentry id="cracklib-check">
	276	<term><command>cracklib-check</command></term>
	277	<listitem>
[47274444]	278	<para>
[4c24eb0a]	279	is used to determine if a password is strong
[47274444]	280	</para>
[efd93087]	281	<indexterm zone="cracklib cracklib-check">
	282	<primary sortas="b-cracklib-check">cracklib-check</primary>
	283	</indexterm>
	284	</listitem>
	285	</varlistentry>
	286
[c2de366]	287	<varlistentry id="cracklib-format">
	288	<term><command>cracklib-format</command></term>
	289	<listitem>
[47274444]	290	<para>
	291	is used to format text files (lowercases all words,
[4c24eb0a]	292	removes control characters and sorts the lists)
[47274444]	293	</para>
[c2de366]	294	<indexterm zone="cracklib cracklib-format">
	295	<primary sortas="b-cracklib-format">cracklib-format</primary>
	296	</indexterm>
	297	</listitem>
	298	</varlistentry>
	299
	300	<varlistentry id="cracklib-packer">
	301	<term><command>cracklib-packer</command></term>
	302	<listitem>
[47274444]	303	<para>
[4c24eb0a]	304	creates a database with words read from standard input
[47274444]	305	</para>
[c2de366]	306	<indexterm zone="cracklib cracklib-packer">
	307	<primary sortas="b-cracklib-packer">cracklib-packer</primary>
	308	</indexterm>
	309	</listitem>
	310	</varlistentry>
	311
	312	<varlistentry id="cracklib-unpacker">
	313	<term><command>cracklib-unpacker</command></term>
	314	<listitem>
[47274444]	315	<para>
[4c24eb0a]	316	displays on standard output the database specified
[47274444]	317	</para>
[c2de366]	318	<indexterm zone="cracklib cracklib-packer">
	319	<primary sortas="b-cracklib-packer">cracklib-packer</primary>
	320	</indexterm>
	321	</listitem>
	322	</varlistentry>
	323
[8b1b2dc7]	324	<varlistentry id="create-cracklib-dict">
[0170790e]	325	<term><command>create-cracklib-dict</command></term>
[8b1b2dc7]	326	<listitem>
[47274444]	327	<para>
	328	is used to create the <application>CrackLib</application>
[4c24eb0a]	329	dictionary from the given word list(s)
[47274444]	330	</para>
[8b1b2dc7]	331	<indexterm zone="cracklib create-cracklib-dict">
	332	<primary sortas="b-create-cracklib-dict">create-cracklib-dict</primary>
	333	</indexterm>
	334	</listitem>
	335	</varlistentry>
	336
[9623b6e8]	337	<varlistentry id="libcrack">
[8f1699f2]	338	<term><filename class="libraryfile">libcrack.so</filename></term>
[9623b6e8]	339	<listitem>
[47274444]	340	<para>
	341	provides a fast dictionary lookup method for strong
[4c24eb0a]	342	password enforcement
[47274444]	343	</para>
[9623b6e8]	344	<indexterm zone="cracklib libcrack">
[d456f78c]	345	<primary sortas="c-libcrack">libcrack.so</primary>
[9623b6e8]	346	</indexterm>
	347	</listitem>
	348	</varlistentry>
	349
	350	</variablelist>
	351
	352	</sect2>
[fa48bf3]	353
	354	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: