Changeset 47274444 for postlfs/security/cracklib.xml
- Timestamp:
- 03/24/2020 07:19:44 PM (4 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- fa3edfef
- Parents:
- 914049f6
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/cracklib.xml
r914049f6 r47274444 36 36 <title>Introduction to CrackLib</title> 37 37 38 <para>The <application>CrackLib</application> package contains a 39 library used to enforce strong passwords by comparing user selected 40 passwords to words in chosen word lists.</para> 38 <para> 39 The <application>CrackLib</application> package contains a 40 library used to enforce strong passwords by comparing user selected 41 passwords to words in chosen word lists. 42 </para> 41 43 42 44 &lfs91_checked; … … 45 47 <itemizedlist spacing="compact"> 46 48 <listitem> 47 <para>Download (HTTP): <ulink url="&cracklib-download-http;"/></para> 48 </listitem> 49 <listitem> 50 <para>Download (FTP): <ulink url="&cracklib-download-ftp;"/></para> 51 </listitem> 52 <listitem> 53 <para>Download MD5 sum: &cracklib-md5sum;</para> 54 </listitem> 55 <listitem> 56 <para>Download size: &cracklib-size;</para> 57 </listitem> 58 <listitem> 59 <para>Estimated disk space required: &cracklib-buildsize;</para> 60 </listitem> 61 <listitem> 62 <para>Estimated build time: &cracklib-time;</para> 49 <para> 50 Download (HTTP): <ulink url="&cracklib-download-http;"/> 51 </para> 52 </listitem> 53 <listitem> 54 <para> 55 Download (FTP): <ulink url="&cracklib-download-ftp;"/> 56 </para> 57 </listitem> 58 <listitem> 59 <para> 60 Download MD5 sum: &cracklib-md5sum; 61 </para> 62 </listitem> 63 <listitem> 64 <para> 65 Download size: &cracklib-size; 66 </para> 67 </listitem> 68 <listitem> 69 <para> 70 Estimated disk space required: &cracklib-buildsize; 71 </para> 72 </listitem> 73 <listitem> 74 <para> 75 Estimated build time: &cracklib-time; 76 </para> 63 77 </listitem> 64 78 </itemizedlist> … … 67 81 <itemizedlist spacing="compact"> 68 82 <listitem> 69 <para>Recommended word list for English-speaking countries (size: 70 &crackdict-size;; md5sum: &crackdict-md5sum;): 71 <ulink url="&crackdict-download;"/></para> 83 <para> 84 Recommended word list for English-speaking countries (size: 85 &crackdict-size;; md5sum: &crackdict-md5sum;): 86 <ulink url="&crackdict-download;"/> 87 </para> 72 88 </listitem> 73 89 </itemizedlist> 74 90 75 <para>There are additional word lists available for download, e.g., from 76 <ulink url="http://www.cotse.com/tools/wordlists.htm"/>. 77 <application>CrackLib</application> can utilize as many, or as few word 78 lists you choose to install.</para> 91 <para> 92 There are additional word lists available for download, e.g., from 93 <ulink url="http://www.cotse.com/tools/wordlists.htm"/>. 94 <application>CrackLib</application> can utilize as many, or as few word 95 lists you choose to install. 96 </para> 79 97 80 98 <important> 81 <para>Users tend to base their passwords on regular words of the spoken 82 language, and crackers know that. <application>CrackLib</application> is 83 intended to filter out such bad passwords at the source using a 84 dictionary created from word lists. To accomplish this, the word list(s) 85 for use with <application>CrackLib</application> must be an exhaustive 86 list of words and word-based keystroke combinations likely to be chosen 87 by users of the system as (guessable) passwords.</para> 88 89 <para>The default word list recommended above for downloading mostly 90 satisfies this role in English-speaking countries. In other situations, 91 it may be necessary to download (or even create) additional word 92 lists.</para> 93 94 <para>Note that word lists suitable for spell-checking are not usable 95 as <application>CrackLib</application> word lists in countries with 96 non-Latin based alphabets, because of <quote>word-based keystroke 97 combinations</quote> that make bad passwords.</para> 99 <para> 100 Users tend to base their passwords on regular words of the spoken 101 language, and crackers know that. <application>CrackLib</application> 102 is intended to filter out such bad passwords at the source using a 103 dictionary created from word lists. To accomplish this, the word 104 list(s) for use with <application>CrackLib</application> must be an 105 exhaustive list of words and word-based keystroke combinations likely 106 to be chosen by users of the system as (guessable) passwords. 107 </para> 108 109 <para> 110 The default word list recommended above for downloading mostly 111 satisfies this role in English-speaking countries. In other situations, 112 it may be necessary to download (or even create) additional word lists. 113 </para> 114 115 <para> 116 Note that word lists suitable for spell-checking are not usable 117 as <application>CrackLib</application> word lists in countries with 118 non-Latin based alphabets, because of <quote>word-based keystroke 119 combinations</quote> that make bad passwords. 120 </para> 98 121 </important> 99 122 … … 113 136 <title>Installation of CrackLib</title> 114 137 115 <para>Install <application>CrackLib</application> by running the following 116 commands:</para> 138 <para> 139 Install <application>CrackLib</application> by running the following 140 commands: 141 </para> 117 142 118 143 <screen><userinput>sed -i '/skipping/d' util/packer.c && … … 123 148 make</userinput></screen> 124 149 125 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 150 <para> 151 Now, as the <systemitem class="username">root</systemitem> user: 152 </para> 126 153 127 154 <screen role="root"><userinput>make install && … … 129 156 ln -sfv ../../lib/$(readlink /usr/lib/libcrack.so) /usr/lib/libcrack.so</userinput></screen> 130 157 131 <para>Issue the following commands as the 132 <systemitem class="username">root</systemitem> user to install the 133 recommended word list and create the <application>CrackLib</application> 134 dictionary. Other word lists (text based, one word per line) can also be 135 used by simply installing them into 136 <filename class="directory">/usr/share/dict</filename> and adding them 137 to the <command>create-cracklib-dict</command> command.</para> 158 <para> 159 Issue the following commands as the 160 <systemitem class="username">root</systemitem> user to install the 161 recommended word list and create the <application>CrackLib</application> 162 dictionary. Other word lists (text based, one word per line) can also be 163 used by simply installing them into 164 <filename class="directory">/usr/share/dict</filename> and adding them 165 to the <command>create-cracklib-dict</command> command. 166 </para> 138 167 139 168 <screen role="root"><userinput>install -v -m644 -D ../cracklib-words-&cracklib-version;.bz2 \ … … 148 177 /usr/share/dict/cracklib-extra-words</userinput></screen> 149 178 150 <para>If desired, check the proper operation of the library as an 151 unprivileged user by issuing the following command:</para> 179 <para> 180 If desired, check the proper operation of the library as an 181 unprivileged user by issuing the following command: 182 </para> 152 183 153 184 <screen remap="test"><userinput>make test</userinput></screen> 154 185 155 186 <important> 156 <para>If you are installing <application>CrackLib</application> after 157 your LFS system has been completed and you have the 158 <application>Shadow</application> package installed, you must 159 reinstall <xref linkend="shadow"/> if you wish to provide strong 160 password support on your system. If you are now going to install the 161 <xref linkend="linux-pam"/> package, you may disregard this note as 162 <application>Shadow</application> will be reinstalled after the 163 <application>Linux-PAM</application> installation.</para> 187 <para> 188 If you are installing <application>CrackLib</application> after 189 your LFS system has been completed and you have the 190 <application>Shadow</application> package installed, you must 191 reinstall <xref linkend="shadow"/> if you wish to provide strong 192 password support on your system. If you are now going to install the 193 <xref linkend="linux-pam"/> package, you may disregard this note as 194 <application>Shadow</application> will be reinstalled after the 195 <application>Linux-PAM</application> installation. 196 </para> 164 197 </important> 165 198 … … 169 202 <title>Command Explanations</title> 170 203 171 <para><command>sed -i '/skipping/d' util/packer.c</command>: 172 Remove a meaningless warning.</para> 173 174 <para><parameter>--with-default-dict=/lib/cracklib/pw_dict</parameter>: 175 This parameter forces the installation of the 176 <application>CrackLib</application> dictionary to the 177 <filename class="directory">/lib</filename> hierarchy.</para> 204 <para> 205 <command>sed -i '/skipping/d' util/packer.c</command>: 206 Remove a meaningless warning. 207 </para> 208 209 <para> 210 <parameter>--with-default-dict=/lib/cracklib/pw_dict</parameter>: 211 This parameter forces the installation of the 212 <application>CrackLib</application> dictionary to the 213 <filename class="directory">/lib</filename> hierarchy. 214 </para> 178 215 179 216 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" 180 217 href="../../xincludes/static-libraries.xml"/> 181 218 182 <para><command>mv -v /usr/lib/libcrack.so.2* /lib</command> and 183 <command>ln -v -sf ../../lib/libcrack.so.2.9.0 ...</command>: These two 184 commands move the <filename class="libraryfile">libcrack.so.2.9.0</filename> 185 library and associated symlink from 186 <filename class="directory">/usr/lib</filename> to 187 <filename class="directory">/lib</filename>, then recreates the 188 <filename class="symlink">/usr/lib/libcrack.so</filename> symlink pointing 189 to the relocated file.</para> 190 191 <para><command>install -v -m644 -D ...</command>: This command creates the 192 <filename class="directory">/usr/share/dict</filename> directory (if it 193 doesn't already exist) and installs the compressed word list there.</para> 194 195 <para><command>ln -v -s cracklib-words /usr/share/dict/words</command>: The 196 word list is linked to <filename>/usr/share/dict/words</filename> as 197 historically, <filename>words</filename> is the primary word list in the 198 <filename class="directory">/usr/share/dict</filename> directory. Omit this 199 command if you already have a <filename>/usr/share/dict/words</filename> 200 file installed on your system.</para> 201 202 <para><command>echo $(hostname) >>...</command>: The value of 203 <command>hostname</command> is echoed to a file called 204 <filename>cracklib-extra-words</filename>. This extra file is intended to be 205 a site specific list which includes easy to guess passwords such as company 206 or department names, user names, product names, computer names, domain 207 names, etc.</para> 208 209 <para><command>create-cracklib-dict ...</command>: This command creates the 210 <application>CrackLib</application> dictionary from the word lists. Modify 211 the command to add any additional word lists you have installed.</para> 219 <para> 220 <command>mv -v /usr/lib/libcrack.so.2* /lib</command> and 221 <command>ln -v -sf ../../lib/libcrack.so.2.9.0 ...</command>: These two 222 commands move the <filename 223 class="libraryfile">libcrack.so.2.9.0</filename> 224 library and associated symlink from 225 <filename class="directory">/usr/lib</filename> to 226 <filename class="directory">/lib</filename>, then recreates the 227 <filename class="symlink">/usr/lib/libcrack.so</filename> symlink 228 pointing to the relocated file. 229 </para> 230 231 <para> 232 <command>install -v -m644 -D ...</command>: This command creates the 233 <filename class="directory">/usr/share/dict</filename> directory (if it 234 doesn't already exist) and installs the compressed word list there. 235 </para> 236 237 <para> 238 <command>ln -v -s cracklib-words /usr/share/dict/words</command>: The 239 word list is linked to <filename>/usr/share/dict/words</filename> as 240 historically, <filename>words</filename> is the primary word list in the 241 <filename class="directory">/usr/share/dict</filename> directory. Omit 242 this command if you already have a 243 <filename>/usr/share/dict/words</filename> file installed on your system. 244 </para> 245 246 <para> 247 <command>echo $(hostname) >>...</command>: The value of 248 <command>hostname</command> is echoed to a file called 249 <filename>cracklib-extra-words</filename>. This extra file is intended 250 to be a site specific list which includes easy to guess passwords such 251 as company or department names, user names, product names, computer 252 names, domain names, etc. 253 </para> 254 255 <para> 256 <command>create-cracklib-dict ...</command>: This command creates the 257 <application>CrackLib</application> dictionary from the word lists. 258 Modify the command to add any additional word lists you have installed. 259 </para> 212 260 213 261 </sect2> … … 240 288 <term><command>cracklib-check</command></term> 241 289 <listitem> 242 <para>is used to determine if a password is strong.</para> 290 <para> 291 is used to determine if a password is strong. 292 </para> 243 293 <indexterm zone="cracklib cracklib-check"> 244 294 <primary sortas="b-cracklib-check">cracklib-check</primary> … … 250 300 <term><command>cracklib-format</command></term> 251 301 <listitem> 252 <para>is used to format text files (lowercases all words, 253 removes control characters and sorts the lists).</para> 302 <para> 303 is used to format text files (lowercases all words, 304 removes control characters and sorts the lists). 305 </para> 254 306 <indexterm zone="cracklib cracklib-format"> 255 307 <primary sortas="b-cracklib-format">cracklib-format</primary> … … 261 313 <term><command>cracklib-packer</command></term> 262 314 <listitem> 263 <para>creates a database with words read from standard input.</para> 315 <para> 316 creates a database with words read from standard input. 317 </para> 264 318 <indexterm zone="cracklib cracklib-packer"> 265 319 <primary sortas="b-cracklib-packer">cracklib-packer</primary> … … 271 325 <term><command>cracklib-unpacker</command></term> 272 326 <listitem> 273 <para>displays on standard output the database specified.</para> 327 <para> 328 displays on standard output the database specified. 329 </para> 274 330 <indexterm zone="cracklib cracklib-packer"> 275 331 <primary sortas="b-cracklib-packer">cracklib-packer</primary> … … 281 337 <term><command>create-cracklib-dict</command></term> 282 338 <listitem> 283 <para>is used to create the <application>CrackLib</application> 284 dictionary from the given word list(s).</para> 339 <para> 340 is used to create the <application>CrackLib</application> 341 dictionary from the given word list(s). 342 </para> 285 343 <indexterm zone="cracklib create-cracklib-dict"> 286 344 <primary sortas="b-create-cracklib-dict">create-cracklib-dict</primary> … … 292 350 <term><filename class="libraryfile">libcrack.so</filename></term> 293 351 <listitem> 294 <para>provides a fast dictionary lookup method for strong 295 password enforcement.</para> 352 <para> 353 provides a fast dictionary lookup method for strong 354 password enforcement. 355 </para> 296 356 <indexterm zone="cracklib libcrack"> 297 357 <primary sortas="c-libcrack">libcrack.so</primary>
Note:
See TracChangeset
for help on using the changeset viewer.