Context Navigation

source: postlfs/security/cracklib.xml@ 2eb2948

Visit:

11.0 11.1 11.2 11.3 12.0 12.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 2eb2948 was 2eb2948, checked in by Douglas R. Reno <renodr@…>, 3 years ago
cracklib: adapt to merged-/usr changes
Property mode set to `100644`
File size: 12.8 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY cracklib-url "https://github.com/cracklib/cracklib/releases/download">
8
9	<!ENTITY cracklib-download-http "&cracklib-url;/v&cracklib-version;/cracklib-&cracklib-version;.tar.bz2">
10	<!ENTITY cracklib-download-ftp " ">
11	<!ENTITY cracklib-md5sum "0d68de25332cee5660850528a385427f">
12	<!ENTITY cracklib-size "592 KB">
13	<!ENTITY cracklib-buildsize "4.2 MB">
14	<!ENTITY cracklib-time "less than 0.1 SBU">
15
16	<!ENTITY crackdict-download "&cracklib-url;/v&cracklib-version;/cracklib-words-&cracklib-version;.bz2">
17	<!ENTITY crackdict-size "6.7 MB">
18	<!ENTITY crackdict-md5sum "94e9963e4786294f7fb0f2efd7618551">
19	]>
20
21	<sect1 id="cracklib" xreflabel="CrackLib-&cracklib-version;">
22	<?dbhtml filename="cracklib.html"?>
23
24	<sect1info>
25	<date>$Date$</date>
26	</sect1info>
27
28	<title>CrackLib-&cracklib-version;</title>
29
30	<indexterm zone="cracklib">
31	<primary sortas="a-CrackLib">CrackLib</primary>
32	</indexterm>
33
34	<sect2 role="package">
35	<title>Introduction to CrackLib</title>
36
37	<para>
38	The <application>CrackLib</application> package contains a
39	library used to enforce strong passwords by comparing user selected
40	passwords to words in chosen word lists.
41	</para>
42
43	&lfs101_checked;
44
45	<bridgehead renderas="sect3">Package Information</bridgehead>
46	<itemizedlist spacing="compact">
47	<listitem>
48	<para>
49	Download (HTTP): <ulink url="&cracklib-download-http;"/>
50	</para>
51	</listitem>
52	<listitem>
53	<para>
54	Download (FTP): <ulink url="&cracklib-download-ftp;"/>
55	</para>
56	</listitem>
57	<listitem>
58	<para>
59	Download MD5 sum: &cracklib-md5sum;
60	</para>
61	</listitem>
62	<listitem>
63	<para>
64	Download size: &cracklib-size;
65	</para>
66	</listitem>
67	<listitem>
68	<para>
69	Estimated disk space required: &cracklib-buildsize;
70	</para>
71	</listitem>
72	<listitem>
73	<para>
74	Estimated build time: &cracklib-time;
75	</para>
76	</listitem>
77	</itemizedlist>
78
79	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
80	<itemizedlist spacing="compact">
81	<listitem>
82	<para>
83	Recommended word list for English-speaking countries (size:
84	&crackdict-size;; md5sum: &crackdict-md5sum;):
85	<ulink url="&crackdict-download;"/>
86	</para>
87	</listitem>
88	</itemizedlist>
89
90	<para>
91	There are additional word lists available for download, e.g., from
92	<ulink url="http://www.cotse.com/tools/wordlists.htm"/>.
93	<application>CrackLib</application> can utilize as many, or as few word
94	lists you choose to install.
95	</para>
96
97	<important>
98	<para>
99	Users tend to base their passwords on regular words of the spoken
100	language, and crackers know that. <application>CrackLib</application>
101	is intended to filter out such bad passwords at the source using a
102	dictionary created from word lists. To accomplish this, the word
103	list(s) for use with <application>CrackLib</application> must be an
104	exhaustive list of words and word-based keystroke combinations likely
105	to be chosen by users of the system as (guessable) passwords.
106	</para>
107
108	<para>
109	The default word list recommended above for downloading mostly
110	satisfies this role in English-speaking countries. In other situations,
111	it may be necessary to download (or even create) additional word lists.
112	</para>
113
114	<para>
115	Note that word lists suitable for spell-checking are not usable
116	as <application>CrackLib</application> word lists in countries with
117	non-Latin based alphabets, because of <quote>word-based keystroke
118	combinations</quote> that make bad passwords.
119	</para>
120	</important>
121
122	<para condition="html" role="usernotes">User Notes:
123	<ulink url="&blfs-wiki;/cracklib"/>
124	</para>
125	</sect2>
126
127	<sect2 role="installation">
128	<title>Installation of CrackLib</title>
129
130	<para>
131	Install <application>CrackLib</application> by running the following
132	commands:
133	</para>
134
135	<screen><userinput>sed -i '/skipping/d' util/packer.c &&
136
137	PYTHON=python3 CPPFLAGS=-I/usr/include/python&python3-majorver; \
138	./configure --prefix=/usr \
139	--disable-static \
140	--with-default-dict=/usr/lib/cracklib/pw_dict &&
141	make</userinput></screen>
142
143	<para>
144	Now, as the <systemitem class="username">root</systemitem> user:
145	</para>
146
147	<screen role="root"><userinput>make install</userinput></screen>
148
149	<para>
150	Issue the following commands as the
151	<systemitem class="username">root</systemitem> user to install the
152	recommended word list and create the <application>CrackLib</application>
153	dictionary. Other word lists (text based, one word per line) can also be
154	used by simply installing them into
155	<filename class="directory">/usr/share/dict</filename> and adding them
156	to the <command>create-cracklib-dict</command> command.
157	</para>
158
159	<screen role="root"><userinput>install -v -m644 -D ../cracklib-words-&cracklib-version;.bz2 \
160	/usr/share/dict/cracklib-words.bz2 &&
161
162	bunzip2 -v /usr/share/dict/cracklib-words.bz2 &&
163	ln -v -sf cracklib-words /usr/share/dict/words &&
164	echo $(hostname) >> /usr/share/dict/cracklib-extra-words &&
165	install -v -m755 -d /usr/lib/cracklib &&
166
167	create-cracklib-dict /usr/share/dict/cracklib-words \
168	/usr/share/dict/cracklib-extra-words</userinput></screen>
169
170	<para>
171	If desired, check the proper operation of the library as an
172	unprivileged user by issuing the following command:
173	</para>
174
175	<screen remap="test"><userinput>make test</userinput></screen>
176
177	<important>
178	<para>
179	If you are installing <application>CrackLib</application> after
180	your LFS system has been completed and you have the
181	<application>Shadow</application> package installed, you must
182	reinstall <xref linkend="shadow"/> if you wish to provide strong
183	password support on your system. If you are now going to install the
184	<xref linkend="linux-pam"/> package, you may disregard this note as
185	<application>Shadow</application> will be reinstalled after the
186	<application>Linux-PAM</application> installation.
187	</para>
188	</important>
189
190	</sect2>
191
192	<sect2 role="commands">
193	<title>Command Explanations</title>
194
195	<para>
196	<command>sed -i '/skipping/d' util/packer.c</command>:
197	Remove a meaningless warning.
198	</para>
199
200	<para>
201	<envar>PYTHON=python3</envar>: This forces the installation of
202	python bindings for Python 3, even if Python 2 is installed.
203	</para>
204
205	<para>
206	<envar>CPPFLAGS=-I/usr/include/python&python3-majorver;</envar>:
207	This works around an issue caused by incorrect usage of Python 3
208	headers.
209	</para>
210
211	<para>
212	<parameter>--with-default-dict=/lib/cracklib/pw_dict</parameter>:
213	This parameter forces the installation of the
214	<application>CrackLib</application> dictionary to the
215	<filename class="directory">/lib</filename> hierarchy.
216	</para>
217
218	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
219	href="../../xincludes/static-libraries.xml"/>
220
221	<!-- FIXME: No longer needed with merged-/usr configuration
222	<para>
223	<command>mv -v /usr/lib/libcrack.so.2* /lib</command> and
224	<command>ln -v -sf ../../lib/libcrack.so.2.9.0 ...</command>: These two
225	commands move the <filename
226	class="libraryfile">libcrack.so.2.9.0</filename>
227	library and associated symlink from
228	<filename class="directory">/usr/lib</filename> to
229	<filename class="directory">/lib</filename>, then recreates the
230	<filename class="symlink">/usr/lib/libcrack.so</filename> symlink
231	pointing to the relocated file.
232	</para>
233	-->
234
235	<para>
236	<command>install -v -m644 -D ...</command>: This command creates the
237	<filename class="directory">/usr/share/dict</filename> directory (if it
238	doesn't already exist) and installs the compressed word list there.
239	</para>
240
241	<para>
242	<command>ln -v -s cracklib-words /usr/share/dict/words</command>: The
243	word list is linked to <filename>/usr/share/dict/words</filename> as
244	historically, <filename>words</filename> is the primary word list in the
245	<filename class="directory">/usr/share/dict</filename> directory. Omit
246	this command if you already have a
247	<filename>/usr/share/dict/words</filename> file installed on your system.
248	</para>
249
250	<para>
251	<command>echo $(hostname) >>...</command>: The value of
252	<command>hostname</command> is echoed to a file called
253	<filename>cracklib-extra-words</filename>. This extra file is intended
254	to be a site specific list which includes easy to guess passwords such
255	as company or department names, user names, product names, computer
256	names, domain names, etc.
257	</para>
258
259	<para>
260	<command>create-cracklib-dict ...</command>: This command creates the
261	<application>CrackLib</application> dictionary from the word lists.
262	Modify the command to add any additional word lists you have installed.
263	</para>
264
265	</sect2>
266
267	<sect2 role="content">
268	<title>Contents</title>
269
270	<segmentedlist>
271	<segtitle>Installed Programs</segtitle>
272	<segtitle>Installed Libraries</segtitle>
273	<segtitle>Installed Directories</segtitle>
274
275	<seglistitem>
276	<seg>cracklib-check, cracklib-format, cracklib-packer,
277	cracklib-unpacker and create-cracklib-dict</seg>
278
279	<seg>libcrack.so and the _cracklib.so
280	(<application>Python</application> module)</seg>
281
282	<seg>/lib/cracklib, /usr/share/dict and /usr/share/cracklib</seg>
283	</seglistitem>
284	</segmentedlist>
285
286	<variablelist>
287	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
288	<?dbfo list-presentation="list"?>
289	<?dbhtml list-presentation="table"?>
290
291	<varlistentry id="cracklib-check">
292	<term><command>cracklib-check</command></term>
293	<listitem>
294	<para>
295	is used to determine if a password is strong
296	</para>
297	<indexterm zone="cracklib cracklib-check">
298	<primary sortas="b-cracklib-check">cracklib-check</primary>
299	</indexterm>
300	</listitem>
301	</varlistentry>
302
303	<varlistentry id="cracklib-format">
304	<term><command>cracklib-format</command></term>
305	<listitem>
306	<para>
307	is used to format text files (lowercases all words,
308	removes control characters and sorts the lists)
309	</para>
310	<indexterm zone="cracklib cracklib-format">
311	<primary sortas="b-cracklib-format">cracklib-format</primary>
312	</indexterm>
313	</listitem>
314	</varlistentry>
315
316	<varlistentry id="cracklib-packer">
317	<term><command>cracklib-packer</command></term>
318	<listitem>
319	<para>
320	creates a database with words read from standard input
321	</para>
322	<indexterm zone="cracklib cracklib-packer">
323	<primary sortas="b-cracklib-packer">cracklib-packer</primary>
324	</indexterm>
325	</listitem>
326	</varlistentry>
327
328	<varlistentry id="cracklib-unpacker">
329	<term><command>cracklib-unpacker</command></term>
330	<listitem>
331	<para>
332	displays on standard output the database specified
333	</para>
334	<indexterm zone="cracklib cracklib-packer">
335	<primary sortas="b-cracklib-packer">cracklib-packer</primary>
336	</indexterm>
337	</listitem>
338	</varlistentry>
339
340	<varlistentry id="create-cracklib-dict">
341	<term><command>create-cracklib-dict</command></term>
342	<listitem>
343	<para>
344	is used to create the <application>CrackLib</application>
345	dictionary from the given word list(s)
346	</para>
347	<indexterm zone="cracklib create-cracklib-dict">
348	<primary sortas="b-create-cracklib-dict">create-cracklib-dict</primary>
349	</indexterm>
350	</listitem>
351	</varlistentry>
352
353	<varlistentry id="libcrack">
354	<term><filename class="libraryfile">libcrack.so</filename></term>
355	<listitem>
356	<para>
357	provides a fast dictionary lookup method for strong
358	password enforcement
359	</para>
360	<indexterm zone="cracklib libcrack">
361	<primary sortas="c-libcrack">libcrack.so</primary>
362	</indexterm>
363	</listitem>
364	</varlistentry>
365
366	</variablelist>
367
368	</sect2>
369
370	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: