source: postlfs/security/cracklib.xml@ ee3262b

10.0 10.1 11.0 11.1 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 krejzi/svn lazarus nosym perl-modules qt5new systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/test-20220226
Last change on this file since ee3262b was ee3262b, checked in by Randy McMurchy <randy@…>, 14 years ago

Updated the bootscript version so a new tarball will be generated; minor text corrections to the CrackLib instructions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@7559 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 10.9 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cracklib-download-http "http://downloads.sourceforge.net/cracklib/cracklib-&cracklib-version;.tar.gz">
8 <!ENTITY cracklib-download-ftp "&gentoo-ftp-repo;/cracklib-&cracklib-version;.tar.gz">
9 <!ENTITY cracklib-md5sum "580346fa1012f9d9769192f49d3801fa">
10 <!ENTITY cracklib-size "576 KB">
11 <!ENTITY cracklib-buildsize "29 MB">
12 <!ENTITY cracklib-time "0.3 SBU">
13
14 <!ENTITY crackdict-download "http://downloads.sourceforge.net/cracklib/cracklib-words-20080203.gz">
15 <!ENTITY crackdict-size "4.4 MB">
16 <!ENTITY crackdict-md5sum "f8be7949b1bbc044e36039598a7819d9">
17]>
18
19<sect1 id="cracklib" xreflabel="CrackLib-&cracklib-version;">
20 <?dbhtml filename="cracklib.html"?>
21
22 <sect1info>
23 <othername>$LastChangedBy$</othername>
24 <date>$Date$</date>
25 </sect1info>
26
27 <title>CrackLib-&cracklib-version;</title>
28
29 <indexterm zone="cracklib">
30 <primary sortas="a-CrackLib">CrackLib</primary>
31 </indexterm>
32
33 <sect2 role="package">
34 <title>Introduction to CrackLib</title>
35
36 <para>The <application>CrackLib</application> package contains a
37 library used to enforce strong passwords by comparing user selected
38 passwords to words in chosen word lists.</para>
39
40 <bridgehead renderas="sect3">Package Information</bridgehead>
41 <itemizedlist spacing="compact">
42 <listitem>
43 <para>Download (HTTP): <ulink url="&cracklib-download-http;"/></para>
44 </listitem>
45 <listitem>
46 <para>Download (FTP): <ulink url="&cracklib-download-ftp;"/></para>
47 </listitem>
48 <listitem>
49 <para>Download MD5 sum: &cracklib-md5sum;</para>
50 </listitem>
51 <listitem>
52 <para>Download size: &cracklib-size;</para>
53 </listitem>
54 <listitem>
55 <para>Estimated disk space required: &cracklib-buildsize;</para>
56 </listitem>
57 <listitem>
58 <para>Estimated build time: &cracklib-time;</para>
59 </listitem>
60 </itemizedlist>
61
62 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
63 <itemizedlist spacing='compact'>
64 <listitem>
65 <para>Recommended word list for English-speaking countries (size:
66 &crackdict-size;; md5sum: &crackdict-md5sum;):
67 <ulink url="&crackdict-download;"/></para>
68 </listitem>
69 <!-- <listitem>
70 <para>Required patch to create a library used with the Heimdal
71 Kerberos 5 package: <ulink
72 url="&patch-root;/cracklib-&cracklib-version;-heimdal-2.patch"/></para>
73 </listitem> -->
74 </itemizedlist>
75
76 <para>There are additional word lists available for download, e.g., from
77 <ulink url="http://www.cotse.com/tools/wordlists.htm"/>.
78 <application>CrackLib</application> can utilize as many, or as few word
79 lists you choose to install.</para>
80
81 <important>
82 <para>Users tend to base their passwords on regular words of the spoken
83 language, and crackers know that. <application>CrackLib</application> is
84 intended to filter out such bad passwords at the source using a
85 dictionary created from word lists. To accomplish this, the word list(s)
86 for use with <application>CrackLib</application> must be an exhaustive
87 list of words and word-based keystroke combinations likely to be chosen
88 by users of the system as (guessable) passwords.</para>
89
90 <para>The default word list recommended above for downloading mostly
91 satisfies this role in English-speaking countries. In other situations,
92 it may be necessary to download (or even create) additional word
93 lists.</para>
94
95 <para>Note that word lists suitable for spell-checking are not usable
96 as <application>CrackLib</application> word lists in countries with
97 non-Latin based alphabets, because of <quote>word-based keystroke
98 combinations</quote> that make bad passwords.</para>
99 </important>
100
101 <bridgehead renderas="sect3">CrackLib Dependencies</bridgehead>
102
103 <bridgehead renderas="sect4">Optional</bridgehead>
104 <para role="optional"><xref linkend="python"/></para>
105
106 <para condition="html" role="usernotes">User Notes:
107 <ulink url="&blfs-wiki;/cracklib"/></para>
108
109 </sect2>
110
111 <sect2 role="installation">
112 <title>Installation of CrackLib</title>
113
114 <!-- <para>If desired, apply the <application>Heimdal</application> patch
115 (note that with this patch the original library is not affected; this patch
116 only creates an additional library used by the
117 <application>Heimdal</application> password-checking routines):</para>
118
119<screen><userinput>patch -Np1 -i ../cracklib-&cracklib-version;-heimdal-2.patch</userinput></screen>
120 -->
121
122 <para>Install <application>CrackLib</application> by running the following
123 commands:</para>
124
125<screen><userinput>./configure --prefix=/usr \
126 --with-default-dict=/lib/cracklib/pw_dict &amp;&amp;
127make</userinput></screen>
128
129 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
130
131<screen role="root"><userinput>make install &amp;&amp;
132mv -v /usr/lib/libcrack.so.2* /lib &amp;&amp;
133ln -v -sf ../../lib/libcrack.so.2.8.0 /usr/lib/libcrack.so</userinput></screen>
134
135 <para>Issue the following commands as the
136 <systemitem class="username">root</systemitem> user to install the
137 recommended word list and create the <application>CrackLib</application>
138 dictionary. Other word lists (text based, one word per line) can also be
139 used by simply installing them into
140 <filename class='directory'>/usr/share/dict</filename> and adding them
141 to the <command>create-cracklib-dict</command> command.</para>
142
143<screen role="root"><userinput>install -v -m644 -D ../cracklib-words-20080203.gz \
144 /usr/share/dict/cracklib-words.gz &amp;&amp;
145gunzip -v /usr/share/dict/cracklib-words.gz &amp;&amp;
146ln -v -s cracklib-words /usr/share/dict/words &amp;&amp;
147echo $(hostname) >>/usr/share/dict/cracklib-extra-words &amp;&amp;
148install -v -m755 -d /lib/cracklib &amp;&amp;
149create-cracklib-dict /usr/share/dict/cracklib-words \
150 /usr/share/dict/cracklib-extra-words</userinput></screen>
151
152 <para>If desired, check the proper operation of the library as an
153 unprivileged user by creating a test data file and running the tests
154 using the following commands:</para>
155
156<screen><userinput>cat > test-data &lt;&lt;"EOF" &amp;&amp;
157antzer
158G@ndalf
159neulinger
160lantzer
161Pa$$w0rd
162PaS$W0rd
163Pas$w0rd
164Pas$W0rd
165Pa$sw0rd
166Pa$sW0rd
167EOF
168make test</userinput></screen>
169
170 <important>
171 <para>If you are installing <application>CrackLib</application> after
172 your LFS system has been completed and you have the
173 <application>Shadow</application> package installed, you must
174 reinstall <xref linkend="shadow"/> if you wish to provide strong
175 password support on your system. If you are now going to install the
176 <xref linkend="linux-pam"/> package, you may disregard this note as
177 <application>Shadow</application> will be reinstalled after the
178 <application>Linux-PAM</application> installation.</para>
179 </important>
180
181 </sect2>
182
183 <sect2 role="commands">
184 <title>Command Explanations</title>
185
186 <para><parameter>--with-default-dict=/lib/cracklib/pw_dict</parameter>:
187 This parameter forces the installation of the
188 <application>CrackLib</application> dictionary to the
189 <filename class='directory'>/lib</filename> hierarchy.</para>
190
191 <para><command>mv -v /usr/lib/libcrack.so.2* /lib</command> and
192 <command>ln -v -sf ../../lib/libcrack.so.2.8.0 ...</command>: These two
193 commands move the <filename class='libraryfile'>libcrack.so.2.8.0</filename>
194 library and associated symlink from
195 <filename class='directory'>/usr/lib</filename> to
196 <filename class='directory'>/lib</filename>, then recreates the
197 <filename class='symlink'>/usr/lib/libcrack.so</filename> symlink pointing
198 to the relocated file.</para>
199
200 <para><command>install -v -m644 -D ...</command>: This command creates the
201 <filename class='directory'>/usr/share/dict</filename> directory (if it
202 doesn't already exist) and installs the compressed word list there.</para>
203
204 <para><command>ln -v -s cracklib-words /usr/share/dict/words</command>: The
205 word list is linked to <filename>/usr/share/dict/words</filename> as
206 historically, <filename>words</filename> is the primary word list in the
207 <filename class="directory">/usr/share/dict</filename> directory. Omit this
208 command if you already have a <filename>/usr/share/dict/words</filename>
209 file installed on your system.</para>
210
211 <para><command>echo $(hostname) >>...</command>: The value of
212 <command>hostname</command> is echoed to a file called
213 <filename>cracklib-extra-words</filename>. This extra file is intended to be
214 a site specific list which includes easy to guess passwords such as company
215 or department names, user's names, product names, computer names, domain
216 names, etc.</para>
217
218 <para><command>create-cracklib-dict ...</command>: This command creates the
219 <application>CrackLib</application> dictionary from the word lists. Modify
220 the command to add any additional word lists you have installed.</para>
221
222 </sect2>
223
224 <sect2 role="content">
225 <title>Contents</title>
226
227 <segmentedlist>
228 <segtitle>Installed Programs</segtitle>
229 <segtitle>Installed Libraries</segtitle>
230 <segtitle>Installed Directories</segtitle>
231
232 <seglistitem>
233 <seg>cracklib-check, cracklib-format, cracklib-packer,
234 cracklib-unpacker and create-cracklib-dict</seg>
235 <seg>libcrack.{so,a} and the cracklibmodule.{so,a}
236 <application>Python</application> module</seg>
237 <seg>/lib/cracklib, /usr/share/dict and /usr/share/cracklib</seg>
238 </seglistitem>
239 </segmentedlist>
240
241 <variablelist>
242 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
243 <?dbfo list-presentation="list"?>
244 <?dbhtml list-presentation="table"?>
245
246 <varlistentry id="create-cracklib-dict">
247 <term><filename>create-cracklib-dict</filename></term>
248 <listitem>
249 <para>is used to create the <application>CrackLib</application>
250 dictionary from the given word list(s).</para>
251 <indexterm zone="cracklib create-cracklib-dict">
252 <primary sortas="b-create-cracklib-dict">create-cracklib-dict</primary>
253 </indexterm>
254 </listitem>
255 </varlistentry>
256
257 <varlistentry id="libcrack">
258 <term><filename class='libraryfile'>libcrack.{so,a}</filename></term>
259 <listitem>
260 <para>provides a fast dictionary lookup method for strong
261 password enforcement.</para>
262 <indexterm zone="cracklib libcrack">
263 <primary sortas="c-libcrack">libcrack.{so,a}</primary>
264 </indexterm>
265 </listitem>
266 </varlistentry>
267
268 </variablelist>
269
270 </sect2>
271
272</sect1>
Note: See TracBrowser for help on using the repository browser.