%general-entities; ]> $LastChangedBy$ $Date$ CrackLib The CrackLib package contains a library used to enforce strong passwords by comparing user selected passwords to words in chosen word lists. Package Information Download (HTTP): Download (FTP): Download MD5 sum: &cracklib-http-md5sum; Download size: &cracklib-size; Estimated disk space required: &cracklib-buildsize; Estimated build time: &cracklib-time; Additional Downloads Recommended word list for English-speaking locales (size: &crackdict-size;; md5sum: &crackdict-md5sum;): Additional word lists: Required patch to create a library used with the Heimdal Kerberos 5 package: Users tend to base their passwords on regular words of the spoken language, and crackers know that. CrackLib is intended to filter out such bad passwords at the source using a dictionary created from word lists. To accomplish this, the word list(s) for use with CrackLib must be an exhaustive list of words and word-based keystroke combinations likely to be chosen by users of the system as (guessable) passwords. The default word list recommended above for downloading mostly satisfies this role in English-speaking countries. In other situations, it may be necessary to download (or even create) additional word lists. Note that word lists suitable for spell-checking are not usable as CrackLib word lists in countries with non-Latin based alphabets, because of word-based keystroke combinations that make bad passwords. If desired, apply the Heimdal patch (note that with this patch the original library is not affected; this patch only creates an additional library used by the Heimdal password-checking routines): patch -Np1 -i ../cracklib-&cracklib-version;-heimdal-1.patch Install CrackLib by running the following commands: ./configure --prefix=/usr --datadir=/lib && make Now, as the root user: make install && mv -v /usr/lib/libcrack.so.2* /lib && ln -v -sf ../../lib/libcrack.so.2.8.0 /usr/lib/libcrack.so The following commands can be used to install the recommended word list. Other word lists (text based, one word per line) can also be used by simply installing them into /usr/share/dict. install -v -m644 -D ../cracklib-words.gz \ /usr/share/dict/cracklib-words.gz && gunzip -v /usr/share/dict/cracklib-words.gz && ln -v -s cracklib-words /usr/share/dict/words && echo $(hostname) >>/usr/share/dict/cracklib-extra-words && create-cracklib-dict /usr/share/dict/cracklib-words \ /usr/share/dict/cracklib-extra-words If desired, check the proper operation of the library as an unprivileged user using the tests included with the package: make test --datadir=/lib: This parameter forces the installation of the CrackLib dictionary to the /lib hierarchy. mv -v /usr/lib/libcrack.so.2* /lib and ln -v -sf ../../lib/libcrack.so.2.8.0 ...: These two commands move the libcrack.so.2.8.0 library and associated symlink from /usr/lib to /lib, then recreates the /usr/lib/libcrack.so symlink pointing to the relocated file. install -v -m644 -D ...: This command creates the /usr/share/dict directory (if it doesn't already exist) and installs the compressed word list there. ln -v -s cracklib-words /usr/share/dict/words: The word list is linked to /usr/share/dict/words as historically, words is the primary word list in the /usr/share/dict directory. Omit this command if you already have a /usr/share/dict/words file installed on your system. echo $(hostname) >>...: The value of hostname is echoed to a file called cracklib-extra-words. This extra file is intended to be a site specific list which includes easy to guess passwords such as company or department names, user's names, product names, computer names, domain names, etc. create-cracklib-dict ...: This command creates the CrackLib dictionary from the word lists. Modify the command to add any additional word lists you have installed. Installed Programs Installed Libraries Installed Directories cracklib-check, cracklib-format, cracklib-packer, cracklib-unpacker and create-cracklib-dict libcrack.[so,a] and optionally, libcrack_heimdal.[so,a] /lib/cracklib and /usr/share/dict Short Descriptions create-cracklib-dict is used to create the CrackLib dictionary from the given word list(s). create-cracklib-dict libcrack.[so,a] provides a fast dictionary lookup method for strong password enforcement. libcrack.[so,a]