source: postlfs/security/cracklib.xml@ df9df07

10.0 10.1 11.0 7.10 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind ken/refactor-virt lazarus nosym perl-modules qt5new trunk upgradedb xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since df9df07 was df9df07, checked in by Bruce Dubbs <bdubbs@…>, 7 years ago

Update to lsof_4.89.
Update to cracklib-2.9.5.
Update to gnutls-3.4.3.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@16244 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 12.1 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cracklib-download-http "&sourceforge-repo;/cracklib/cracklib-&cracklib-version;.tar.gz">
8 <!ENTITY cracklib-download-ftp " ">
9 <!ENTITY cracklib-md5sum "376790a95c1fb645e59e6e9803c78582">
10 <!ENTITY cracklib-size "608 KB">
11 <!ENTITY cracklib-buildsize "3.8 MB">
12 <!ENTITY cracklib-time "0.1 SBU">
13
14 <!ENTITY crackdict-version "20080507">
15 <!ENTITY crackdict-download "&sourceforge-repo;/cracklib/cracklib-words-&crackdict-version;.gz">
16 <!ENTITY crackdict-size "4.5 MB">
17 <!ENTITY crackdict-md5sum "7fa6ba0cd50e7f9ccaf4707c810b14f1">
18]>
19
20<sect1 id="cracklib" xreflabel="CrackLib-&cracklib-version;">
21 <?dbhtml filename="cracklib.html"?>
22
23 <sect1info>
24 <othername>$LastChangedBy$</othername>
25 <date>$Date$</date>
26 </sect1info>
27
28 <title>CrackLib-&cracklib-version;</title>
29
30 <indexterm zone="cracklib">
31 <primary sortas="a-CrackLib">CrackLib</primary>
32 </indexterm>
33
34 <sect2 role="package">
35 <title>Introduction to CrackLib</title>
36
37 <para>The <application>CrackLib</application> package contains a
38 library used to enforce strong passwords by comparing user selected
39 passwords to words in chosen word lists.</para>
40
41 &lfs77_checked;
42
43 <bridgehead renderas="sect3">Package Information</bridgehead>
44 <itemizedlist spacing="compact">
45 <listitem>
46 <para>Download (HTTP): <ulink url="&cracklib-download-http;"/></para>
47 </listitem>
48 <listitem>
49 <para>Download (FTP): <ulink url="&cracklib-download-ftp;"/></para>
50 </listitem>
51 <listitem>
52 <para>Download MD5 sum: &cracklib-md5sum;</para>
53 </listitem>
54 <listitem>
55 <para>Download size: &cracklib-size;</para>
56 </listitem>
57 <listitem>
58 <para>Estimated disk space required: &cracklib-buildsize;</para>
59 </listitem>
60 <listitem>
61 <para>Estimated build time: &cracklib-time;</para>
62 </listitem>
63 </itemizedlist>
64
65 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
66 <itemizedlist spacing="compact">
67 <listitem>
68 <para>Recommended word list for English-speaking countries (size:
69 &crackdict-size;; md5sum: &crackdict-md5sum;):
70 <ulink url="&crackdict-download;"/></para>
71 </listitem>
72 </itemizedlist>
73
74 <para>There are additional word lists available for download, e.g., from
75 <ulink url="http://www.cotse.com/tools/wordlists.htm"/>.
76 <application>CrackLib</application> can utilize as many, or as few word
77 lists you choose to install.</para>
78
79 <important>
80 <para>Users tend to base their passwords on regular words of the spoken
81 language, and crackers know that. <application>CrackLib</application> is
82 intended to filter out such bad passwords at the source using a
83 dictionary created from word lists. To accomplish this, the word list(s)
84 for use with <application>CrackLib</application> must be an exhaustive
85 list of words and word-based keystroke combinations likely to be chosen
86 by users of the system as (guessable) passwords.</para>
87
88 <para>The default word list recommended above for downloading mostly
89 satisfies this role in English-speaking countries. In other situations,
90 it may be necessary to download (or even create) additional word
91 lists.</para>
92
93 <para>Note that word lists suitable for spell-checking are not usable
94 as <application>CrackLib</application> word lists in countries with
95 non-Latin based alphabets, because of <quote>word-based keystroke
96 combinations</quote> that make bad passwords.</para>
97 </important>
98
99 <bridgehead renderas="sect3">CrackLib Dependencies</bridgehead>
100
101 <bridgehead renderas="sect4">Optional</bridgehead>
102 <para role="optional">
103 <xref linkend="python2"/>
104 </para>
105
106 <para condition="html" role="usernotes">User Notes:
107 <ulink url="&blfs-wiki;/cracklib"/>
108 </para>
109 </sect2>
110
111 <sect2 role="installation">
112 <title>Installation of CrackLib</title>
113
114 <para>Install <application>CrackLib</application> by running the following
115 commands:</para>
116
117<screen><userinput>sed -i '/skipping/d' util/packer.c &amp;&amp;
118
119./configure --prefix=/usr \
120 --disable-static \
121 --with-default-dict=/lib/cracklib/pw_dict &amp;&amp;
122make</userinput></screen>
123
124 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
125
126<screen role="root"><userinput>make install &amp;&amp;
127mv -v /usr/lib/libcrack.so.* /lib &amp;&amp;
128ln -sfv ../../lib/$(readlink /usr/lib/libcrack.so) /usr/lib/libcrack.so</userinput></screen>
129
130 <para>Issue the following commands as the
131 <systemitem class="username">root</systemitem> user to install the
132 recommended word list and create the <application>CrackLib</application>
133 dictionary. Other word lists (text based, one word per line) can also be
134 used by simply installing them into
135 <filename class="directory">/usr/share/dict</filename> and adding them
136 to the <command>create-cracklib-dict</command> command.</para>
137
138<screen role="root"><userinput>install -v -m644 -D ../cracklib-words-&crackdict-version;.gz \
139 /usr/share/dict/cracklib-words.gz &amp;&amp;
140
141gunzip -v /usr/share/dict/cracklib-words.gz &amp;&amp;
142ln -v -sf cracklib-words /usr/share/dict/words &amp;&amp;
143echo $(hostname) >> /usr/share/dict/cracklib-extra-words &amp;&amp;
144install -v -m755 -d /lib/cracklib &amp;&amp;
145
146create-cracklib-dict /usr/share/dict/cracklib-words \
147 /usr/share/dict/cracklib-extra-words</userinput></screen>
148
149 <para>If desired, check the proper operation of the library as an
150 unprivileged user by issuing the following command:</para>
151
152<screen><userinput>make test</userinput></screen>
153
154 <important>
155 <para>If you are installing <application>CrackLib</application> after
156 your LFS system has been completed and you have the
157 <application>Shadow</application> package installed, you must
158 reinstall <xref linkend="shadow"/> if you wish to provide strong
159 password support on your system. If you are now going to install the
160 <xref linkend="linux-pam"/> package, you may disregard this note as
161 <application>Shadow</application> will be reinstalled after the
162 <application>Linux-PAM</application> installation.</para>
163 </important>
164
165 </sect2>
166
167 <sect2 role="commands">
168 <title>Command Explanations</title>
169
170 <para><command>sed -i '/skipping/d' util/packer.c</command>:
171 Remove a meaningless warning.</para>
172
173 <para><parameter>--with-default-dict=/lib/cracklib/pw_dict</parameter>:
174 This parameter forces the installation of the
175 <application>CrackLib</application> dictionary to the
176 <filename class="directory">/lib</filename> hierarchy.</para>
177
178 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
179 href="../../xincludes/static-libraries.xml"/>
180
181 <para><command>mv -v /usr/lib/libcrack.so.2* /lib</command> and
182 <command>ln -v -sf ../../lib/libcrack.so.2.8.1 ...</command>: These two
183 commands move the <filename class="libraryfile">libcrack.so.2.8.1</filename>
184 library and associated symlink from
185 <filename class="directory">/usr/lib</filename> to
186 <filename class="directory">/lib</filename>, then recreates the
187 <filename class="symlink">/usr/lib/libcrack.so</filename> symlink pointing
188 to the relocated file.</para>
189
190 <para><command>install -v -m644 -D ...</command>: This command creates the
191 <filename class="directory">/usr/share/dict</filename> directory (if it
192 doesn't already exist) and installs the compressed word list there.</para>
193
194 <para><command>ln -v -s cracklib-words /usr/share/dict/words</command>: The
195 word list is linked to <filename>/usr/share/dict/words</filename> as
196 historically, <filename>words</filename> is the primary word list in the
197 <filename class="directory">/usr/share/dict</filename> directory. Omit this
198 command if you already have a <filename>/usr/share/dict/words</filename>
199 file installed on your system.</para>
200
201 <para><command>echo $(hostname) >>...</command>: The value of
202 <command>hostname</command> is echoed to a file called
203 <filename>cracklib-extra-words</filename>. This extra file is intended to be
204 a site specific list which includes easy to guess passwords such as company
205 or department names, user's names, product names, computer names, domain
206 names, etc.</para>
207
208 <para><command>create-cracklib-dict ...</command>: This command creates the
209 <application>CrackLib</application> dictionary from the word lists. Modify
210 the command to add any additional word lists you have installed.</para>
211
212 </sect2>
213
214 <sect2 role="content">
215 <title>Contents</title>
216
217 <segmentedlist>
218 <segtitle>Installed Programs</segtitle>
219 <segtitle>Installed Libraries</segtitle>
220 <segtitle>Installed Directories</segtitle>
221
222 <seglistitem>
223 <seg>cracklib-check, cracklib-format, cracklib-packer,
224 cracklib-unpacker and create-cracklib-dict</seg>
225
226 <seg>libcrack.so and the _cracklibmodule.so
227 <application>Python</application> module</seg>
228
229 <seg>/lib/cracklib, /usr/share/dict and /usr/share/cracklib</seg>
230 </seglistitem>
231 </segmentedlist>
232
233 <variablelist>
234 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
235 <?dbfo list-presentation="list"?>
236 <?dbhtml list-presentation="table"?>
237
238 <varlistentry id="cracklib-check">
239 <term><command>cracklib-check</command></term>
240 <listitem>
241 <para>is used to determine if a password is strong.</para>
242 <indexterm zone="cracklib cracklib-check">
243 <primary sortas="b-cracklib-check">cracklib-check</primary>
244 </indexterm>
245 </listitem>
246 </varlistentry>
247
248 <varlistentry id="cracklib-format">
249 <term><command>cracklib-format</command></term>
250 <listitem>
251 <para>is used to format text files (lowercases all words,
252 removes controle characters and sorts the lists).</para>
253 <indexterm zone="cracklib cracklib-format">
254 <primary sortas="b-cracklib-format">cracklib-format</primary>
255 </indexterm>
256 </listitem>
257 </varlistentry>
258
259 <varlistentry id="cracklib-packer">
260 <term><command>cracklib-packer</command></term>
261 <listitem>
262 <para>creates a database with words read from standard input.</para>
263 <indexterm zone="cracklib cracklib-packer">
264 <primary sortas="b-cracklib-packer">cracklib-packer</primary>
265 </indexterm>
266 </listitem>
267 </varlistentry>
268
269 <varlistentry id="cracklib-unpacker">
270 <term><command>cracklib-unpacker</command></term>
271 <listitem>
272 <para>displays on standard output the database specified.</para>
273 <indexterm zone="cracklib cracklib-packer">
274 <primary sortas="b-cracklib-packer">cracklib-packer</primary>
275 </indexterm>
276 </listitem>
277 </varlistentry>
278
279 <varlistentry id="create-cracklib-dict">
280 <term><command>create-cracklib-dict</command></term>
281 <listitem>
282 <para>is used to create the <application>CrackLib</application>
283 dictionary from the given word list(s).</para>
284 <indexterm zone="cracklib create-cracklib-dict">
285 <primary sortas="b-create-cracklib-dict">create-cracklib-dict</primary>
286 </indexterm>
287 </listitem>
288 </varlistentry>
289
290 <varlistentry id="libcrack">
291 <term><filename class="libraryfile">libcrack.so</filename></term>
292 <listitem>
293 <para>provides a fast dictionary lookup method for strong
294 password enforcement.</para>
295 <indexterm zone="cracklib libcrack">
296 <primary sortas="c-libcrack">libcrack.so</primary>
297 </indexterm>
298 </listitem>
299 </varlistentry>
300
301 </variablelist>
302
303 </sect2>
304
305</sect1>
Note: See TracBrowser for help on using the repository browser.