source: postlfs/security/cracklib.xml@ 9029db2

10.1 11.0 ken/refactor-virt lazarus qt5new trunk xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since 9029db2 was 9029db2, checked in by Bruce Dubbs <bdubbs@…>, 8 months ago

Tag most of General Libraries and dependencies

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24241 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 12.8 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cracklib-url "https://github.com/cracklib/cracklib/releases/download">
8
9 <!ENTITY cracklib-download-http "&cracklib-url;/v&cracklib-version;/cracklib-&cracklib-version;.tar.bz2">
10 <!ENTITY cracklib-download-ftp " ">
11 <!ENTITY cracklib-md5sum "0d68de25332cee5660850528a385427f">
12 <!ENTITY cracklib-size "592 KB">
13 <!ENTITY cracklib-buildsize "4.2 MB">
14 <!ENTITY cracklib-time "less than 0.1 SBU">
15
16 <!ENTITY crackdict-download "&cracklib-url;/v&cracklib-version;/cracklib-words-&cracklib-version;.bz2">
17 <!ENTITY crackdict-size "6.7 MB">
18 <!ENTITY crackdict-md5sum "94e9963e4786294f7fb0f2efd7618551">
19]>
20
21<sect1 id="cracklib" xreflabel="CrackLib-&cracklib-version;">
22 <?dbhtml filename="cracklib.html"?>
23
24 <sect1info>
25 <othername>$LastChangedBy$</othername>
26 <date>$Date$</date>
27 </sect1info>
28
29 <title>CrackLib-&cracklib-version;</title>
30
31 <indexterm zone="cracklib">
32 <primary sortas="a-CrackLib">CrackLib</primary>
33 </indexterm>
34
35 <sect2 role="package">
36 <title>Introduction to CrackLib</title>
37
38 <para>
39 The <application>CrackLib</application> package contains a
40 library used to enforce strong passwords by comparing user selected
41 passwords to words in chosen word lists.
42 </para>
43
44 &lfs101_checked;
45
46 <bridgehead renderas="sect3">Package Information</bridgehead>
47 <itemizedlist spacing="compact">
48 <listitem>
49 <para>
50 Download (HTTP): <ulink url="&cracklib-download-http;"/>
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Download (FTP): <ulink url="&cracklib-download-ftp;"/>
56 </para>
57 </listitem>
58 <listitem>
59 <para>
60 Download MD5 sum: &cracklib-md5sum;
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Download size: &cracklib-size;
66 </para>
67 </listitem>
68 <listitem>
69 <para>
70 Estimated disk space required: &cracklib-buildsize;
71 </para>
72 </listitem>
73 <listitem>
74 <para>
75 Estimated build time: &cracklib-time;
76 </para>
77 </listitem>
78 </itemizedlist>
79
80 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
81 <itemizedlist spacing="compact">
82 <listitem>
83 <para>
84 Recommended word list for English-speaking countries (size:
85 &crackdict-size;; md5sum: &crackdict-md5sum;):
86 <ulink url="&crackdict-download;"/>
87 </para>
88 </listitem>
89 </itemizedlist>
90
91 <para>
92 There are additional word lists available for download, e.g., from
93 <ulink url="http://www.cotse.com/tools/wordlists.htm"/>.
94 <application>CrackLib</application> can utilize as many, or as few word
95 lists you choose to install.
96 </para>
97
98 <important>
99 <para>
100 Users tend to base their passwords on regular words of the spoken
101 language, and crackers know that. <application>CrackLib</application>
102 is intended to filter out such bad passwords at the source using a
103 dictionary created from word lists. To accomplish this, the word
104 list(s) for use with <application>CrackLib</application> must be an
105 exhaustive list of words and word-based keystroke combinations likely
106 to be chosen by users of the system as (guessable) passwords.
107 </para>
108
109 <para>
110 The default word list recommended above for downloading mostly
111 satisfies this role in English-speaking countries. In other situations,
112 it may be necessary to download (or even create) additional word lists.
113 </para>
114
115 <para>
116 Note that word lists suitable for spell-checking are not usable
117 as <application>CrackLib</application> word lists in countries with
118 non-Latin based alphabets, because of <quote>word-based keystroke
119 combinations</quote> that make bad passwords.
120 </para>
121 </important>
122
123 <bridgehead renderas="sect3">CrackLib Dependencies</bridgehead>
124
125 <bridgehead renderas="sect4">Optional</bridgehead>
126 <para role="optional">
127 <xref linkend="python2"/>
128 </para>
129
130 <para condition="html" role="usernotes">User Notes:
131 <ulink url="&blfs-wiki;/cracklib"/>
132 </para>
133 </sect2>
134
135 <sect2 role="installation">
136 <title>Installation of CrackLib</title>
137
138 <para>
139 Install <application>CrackLib</application> by running the following
140 commands:
141 </para>
142
143<screen><userinput>sed -i '/skipping/d' util/packer.c &amp;&amp;
144
145./configure --prefix=/usr \
146 --disable-static \
147 --with-default-dict=/lib/cracklib/pw_dict &amp;&amp;
148make</userinput></screen>
149
150 <para>
151 Now, as the <systemitem class="username">root</systemitem> user:
152 </para>
153
154<screen role="root"><userinput>make install &amp;&amp;
155mv -v /usr/lib/libcrack.so.* /lib &amp;&amp;
156ln -sfv ../../lib/$(readlink /usr/lib/libcrack.so) /usr/lib/libcrack.so</userinput></screen>
157
158 <para>
159 Issue the following commands as the
160 <systemitem class="username">root</systemitem> user to install the
161 recommended word list and create the <application>CrackLib</application>
162 dictionary. Other word lists (text based, one word per line) can also be
163 used by simply installing them into
164 <filename class="directory">/usr/share/dict</filename> and adding them
165 to the <command>create-cracklib-dict</command> command.
166 </para>
167
168<screen role="root"><userinput>install -v -m644 -D ../cracklib-words-&cracklib-version;.bz2 \
169 /usr/share/dict/cracklib-words.bz2 &amp;&amp;
170
171bunzip2 -v /usr/share/dict/cracklib-words.bz2 &amp;&amp;
172ln -v -sf cracklib-words /usr/share/dict/words &amp;&amp;
173echo $(hostname) >> /usr/share/dict/cracklib-extra-words &amp;&amp;
174install -v -m755 -d /lib/cracklib &amp;&amp;
175
176create-cracklib-dict /usr/share/dict/cracklib-words \
177 /usr/share/dict/cracklib-extra-words</userinput></screen>
178
179 <para>
180 If desired, check the proper operation of the library as an
181 unprivileged user by issuing the following command:
182 </para>
183
184<screen remap="test"><userinput>make test</userinput></screen>
185
186 <important>
187 <para>
188 If you are installing <application>CrackLib</application> after
189 your LFS system has been completed and you have the
190 <application>Shadow</application> package installed, you must
191 reinstall <xref linkend="shadow"/> if you wish to provide strong
192 password support on your system. If you are now going to install the
193 <xref linkend="linux-pam"/> package, you may disregard this note as
194 <application>Shadow</application> will be reinstalled after the
195 <application>Linux-PAM</application> installation.
196 </para>
197 </important>
198
199 </sect2>
200
201 <sect2 role="commands">
202 <title>Command Explanations</title>
203
204 <para>
205 <command>sed -i '/skipping/d' util/packer.c</command>:
206 Remove a meaningless warning.
207 </para>
208
209 <para>
210 <parameter>--with-default-dict=/lib/cracklib/pw_dict</parameter>:
211 This parameter forces the installation of the
212 <application>CrackLib</application> dictionary to the
213 <filename class="directory">/lib</filename> hierarchy.
214 </para>
215
216 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
217 href="../../xincludes/static-libraries.xml"/>
218
219 <para>
220 <command>mv -v /usr/lib/libcrack.so.2* /lib</command> and
221 <command>ln -v -sf ../../lib/libcrack.so.2.9.0 ...</command>: These two
222 commands move the <filename
223 class="libraryfile">libcrack.so.2.9.0</filename>
224 library and associated symlink from
225 <filename class="directory">/usr/lib</filename> to
226 <filename class="directory">/lib</filename>, then recreates the
227 <filename class="symlink">/usr/lib/libcrack.so</filename> symlink
228 pointing to the relocated file.
229 </para>
230
231 <para>
232 <command>install -v -m644 -D ...</command>: This command creates the
233 <filename class="directory">/usr/share/dict</filename> directory (if it
234 doesn't already exist) and installs the compressed word list there.
235 </para>
236
237 <para>
238 <command>ln -v -s cracklib-words /usr/share/dict/words</command>: The
239 word list is linked to <filename>/usr/share/dict/words</filename> as
240 historically, <filename>words</filename> is the primary word list in the
241 <filename class="directory">/usr/share/dict</filename> directory. Omit
242 this command if you already have a
243 <filename>/usr/share/dict/words</filename> file installed on your system.
244 </para>
245
246 <para>
247 <command>echo $(hostname) >>...</command>: The value of
248 <command>hostname</command> is echoed to a file called
249 <filename>cracklib-extra-words</filename>. This extra file is intended
250 to be a site specific list which includes easy to guess passwords such
251 as company or department names, user names, product names, computer
252 names, domain names, etc.
253 </para>
254
255 <para>
256 <command>create-cracklib-dict ...</command>: This command creates the
257 <application>CrackLib</application> dictionary from the word lists.
258 Modify the command to add any additional word lists you have installed.
259 </para>
260
261 </sect2>
262
263 <sect2 role="content">
264 <title>Contents</title>
265
266 <segmentedlist>
267 <segtitle>Installed Programs</segtitle>
268 <segtitle>Installed Libraries</segtitle>
269 <segtitle>Installed Directories</segtitle>
270
271 <seglistitem>
272 <seg>cracklib-check, cracklib-format, cracklib-packer,
273 cracklib-unpacker and create-cracklib-dict</seg>
274
275 <seg>libcrack.so and the _cracklibmodule.so
276 <application>Python</application> module</seg>
277
278 <seg>/lib/cracklib, /usr/share/dict and /usr/share/cracklib</seg>
279 </seglistitem>
280 </segmentedlist>
281
282 <variablelist>
283 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
284 <?dbfo list-presentation="list"?>
285 <?dbhtml list-presentation="table"?>
286
287 <varlistentry id="cracklib-check">
288 <term><command>cracklib-check</command></term>
289 <listitem>
290 <para>
291 is used to determine if a password is strong
292 </para>
293 <indexterm zone="cracklib cracklib-check">
294 <primary sortas="b-cracklib-check">cracklib-check</primary>
295 </indexterm>
296 </listitem>
297 </varlistentry>
298
299 <varlistentry id="cracklib-format">
300 <term><command>cracklib-format</command></term>
301 <listitem>
302 <para>
303 is used to format text files (lowercases all words,
304 removes control characters and sorts the lists)
305 </para>
306 <indexterm zone="cracklib cracklib-format">
307 <primary sortas="b-cracklib-format">cracklib-format</primary>
308 </indexterm>
309 </listitem>
310 </varlistentry>
311
312 <varlistentry id="cracklib-packer">
313 <term><command>cracklib-packer</command></term>
314 <listitem>
315 <para>
316 creates a database with words read from standard input
317 </para>
318 <indexterm zone="cracklib cracklib-packer">
319 <primary sortas="b-cracklib-packer">cracklib-packer</primary>
320 </indexterm>
321 </listitem>
322 </varlistentry>
323
324 <varlistentry id="cracklib-unpacker">
325 <term><command>cracklib-unpacker</command></term>
326 <listitem>
327 <para>
328 displays on standard output the database specified
329 </para>
330 <indexterm zone="cracklib cracklib-packer">
331 <primary sortas="b-cracklib-packer">cracklib-packer</primary>
332 </indexterm>
333 </listitem>
334 </varlistentry>
335
336 <varlistentry id="create-cracklib-dict">
337 <term><command>create-cracklib-dict</command></term>
338 <listitem>
339 <para>
340 is used to create the <application>CrackLib</application>
341 dictionary from the given word list(s)
342 </para>
343 <indexterm zone="cracklib create-cracklib-dict">
344 <primary sortas="b-create-cracklib-dict">create-cracklib-dict</primary>
345 </indexterm>
346 </listitem>
347 </varlistentry>
348
349 <varlistentry id="libcrack">
350 <term><filename class="libraryfile">libcrack.so</filename></term>
351 <listitem>
352 <para>
353 provides a fast dictionary lookup method for strong
354 password enforcement
355 </para>
356 <indexterm zone="cracklib libcrack">
357 <primary sortas="c-libcrack">libcrack.so</primary>
358 </indexterm>
359 </listitem>
360 </varlistentry>
361
362 </variablelist>
363
364 </sect2>
365
366</sect1>
Note: See TracBrowser for help on using the repository browser.