Context Navigation

-              r914049f6
+              r47274444
     <title>Introduction to CrackLib</title>
+    <para>The <application>CrackLib</application> package contains a
+    library used to enforce strong passwords by comparing user selected
+    passwords to words in chosen word lists.</para>
+    <para>
+      The <application>CrackLib</application> package contains a
+      library used to enforce strong passwords by comparing user selected
+      passwords to words in chosen word lists.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&cracklib-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&cracklib-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &cracklib-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &cracklib-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &cracklib-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &cracklib-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&cracklib-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&cracklib-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &cracklib-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &cracklib-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &cracklib-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &cracklib-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Recommended word list for English-speaking countries (size:
+        &crackdict-size;; md5sum: &crackdict-md5sum;):
+        <ulink url="&crackdict-download;"/></para>
+        <para>
+          Recommended word list for English-speaking countries (size:
+          &crackdict-size;; md5sum: &crackdict-md5sum;):
+          <ulink url="&crackdict-download;"/>
+        </para>
       </listitem>
     </itemizedlist>
+    <para>There are additional word lists available for download, e.g., from
+    <ulink url="http://www.cotse.com/tools/wordlists.htm"/>.
+    <application>CrackLib</application> can utilize as many, or as few word
+    lists you choose to install.</para>
+    <para>
+      There are additional word lists available for download, e.g., from
+      <ulink url="http://www.cotse.com/tools/wordlists.htm"/>.
+      <application>CrackLib</application> can utilize as many, or as few word
+      lists you choose to install.
+    </para>
     <important>
+      <para>Users tend to base their passwords on regular words of the spoken
+      language, and crackers know that. <application>CrackLib</application> is
+      intended to filter out such bad passwords at the source using a
+      dictionary created from word lists. To accomplish this, the word list(s)
+      for use with <application>CrackLib</application> must be an exhaustive
+      list of words and word-based keystroke combinations likely to be chosen
+      by users of the system as (guessable) passwords.</para>
+      <para>The default word list recommended above for downloading mostly
+      satisfies this role in English-speaking countries. In other situations,
+      it may be necessary to download (or even create) additional word
+      lists.</para>
+      <para>Note that word lists suitable for spell-checking are not usable
+      as <application>CrackLib</application> word lists in countries with
+      non-Latin based alphabets, because of <quote>word-based keystroke
+      combinations</quote> that make bad passwords.</para>
+      <para>
+        Users tend to base their passwords on regular words of the spoken
+        language, and crackers know that. <application>CrackLib</application>
+        is intended to filter out such bad passwords at the source using a
+        dictionary created from word lists. To accomplish this, the word
+        list(s) for use with <application>CrackLib</application> must be an
+        exhaustive list of words and word-based keystroke combinations likely
+        to be chosen by users of the system as (guessable) passwords.
+      </para>
+      <para>
+        The default word list recommended above for downloading mostly
+        satisfies this role in English-speaking countries. In other situations,
+        it may be necessary to download (or even create) additional word lists.
+      </para>
+      <para>
+        Note that word lists suitable for spell-checking are not usable
+        as <application>CrackLib</application> word lists in countries with
+        non-Latin based alphabets, because of <quote>word-based keystroke
+        combinations</quote> that make bad passwords.
+      </para>
     </important>
 …
     <title>Installation of CrackLib</title>
+    <para>Install <application>CrackLib</application> by running the following
+    commands:</para>
+    <para>
+      Install <application>CrackLib</application> by running the following
+      commands:
+    </para>
 <screen><userinput>sed -i '/skipping/d' util/packer.c &amp;&amp;
 …
 make</userinput></screen>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>make install                      &amp;&amp;
 …
 ln -sfv ../../lib/$(readlink /usr/lib/libcrack.so) /usr/lib/libcrack.so</userinput></screen>
+    <para>Issue the following commands as the
+    <systemitem class="username">root</systemitem> user to install the
+    recommended word list and create the <application>CrackLib</application>
+    dictionary. Other word lists (text based, one word per line) can also be
+    used by simply installing them into
+    <filename class="directory">/usr/share/dict</filename> and adding them
+    to the <command>create-cracklib-dict</command> command.</para>
+    <para>
+      Issue the following commands as the
+      <systemitem class="username">root</systemitem> user to install the
+      recommended word list and create the <application>CrackLib</application>
+      dictionary. Other word lists (text based, one word per line) can also be
+      used by simply installing them into
+      <filename class="directory">/usr/share/dict</filename> and adding them
+      to the <command>create-cracklib-dict</command> command.
+    </para>
 <screen role="root"><userinput>install -v -m644 -D    ../cracklib-words-&cracklib-version;.bz2 \
 …
                          /usr/share/dict/cracklib-extra-words</userinput></screen>
+    <para>If desired, check the proper operation of the library as an
+    unprivileged user by issuing the following command:</para>
+    <para>
+      If desired, check the proper operation of the library as an
+      unprivileged user by issuing the following command:
+    </para>
 <screen remap="test"><userinput>make test</userinput></screen>
     <important>
+      <para>If you are installing <application>CrackLib</application> after
+      your LFS system has been completed and you have the
+      <application>Shadow</application> package installed, you must
+      reinstall <xref linkend="shadow"/> if you wish to provide strong
+      password support on your system. If you are now going to install the
+      <xref linkend="linux-pam"/> package, you may disregard this note as
+      <application>Shadow</application> will be reinstalled after the
+      <application>Linux-PAM</application> installation.</para>
+      <para>
+        If you are installing <application>CrackLib</application> after
+        your LFS system has been completed and you have the
+        <application>Shadow</application> package installed, you must
+        reinstall <xref linkend="shadow"/> if you wish to provide strong
+        password support on your system. If you are now going to install the
+        <xref linkend="linux-pam"/> package, you may disregard this note as
+        <application>Shadow</application> will be reinstalled after the
+        <application>Linux-PAM</application> installation.
+      </para>
     </important>
 …
     <title>Command Explanations</title>
+    <para><command>sed -i '/skipping/d' util/packer.c</command>:
+    Remove a meaningless warning.</para>
+    <para><parameter>--with-default-dict=/lib/cracklib/pw_dict</parameter>:
+    This parameter forces the installation of the
+    <application>CrackLib</application> dictionary to the
+    <filename class="directory">/lib</filename> hierarchy.</para>
+    <para>
+      <command>sed -i '/skipping/d' util/packer.c</command>:
+      Remove a meaningless warning.
+    </para>
+    <para>
+      <parameter>--with-default-dict=/lib/cracklib/pw_dict</parameter>:
+      This parameter forces the installation of the
+      <application>CrackLib</application> dictionary to the
+      <filename class="directory">/lib</filename> hierarchy.
+    </para>
     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
       href="../../xincludes/static-libraries.xml"/>
+    <para><command>mv -v /usr/lib/libcrack.so.2* /lib</command> and
+    <command>ln -v -sf ../../lib/libcrack.so.2.9.0 ...</command>: These two
+    commands move the <filename class="libraryfile">libcrack.so.2.9.0</filename>
+    library and associated symlink from
+    <filename class="directory">/usr/lib</filename> to
+    <filename class="directory">/lib</filename>, then recreates the
+    <filename class="symlink">/usr/lib/libcrack.so</filename> symlink pointing
+    to the relocated file.</para>
+    <para><command>install -v -m644 -D ...</command>: This command creates the
+    <filename class="directory">/usr/share/dict</filename> directory (if it
+    doesn't already exist) and installs the compressed word list there.</para>
+    <para><command>ln -v -s cracklib-words /usr/share/dict/words</command>: The
+    word list is linked to <filename>/usr/share/dict/words</filename> as
+    historically, <filename>words</filename> is the primary word list in the
+    <filename class="directory">/usr/share/dict</filename> directory. Omit this
+    command if you already have a <filename>/usr/share/dict/words</filename>
+    file installed on your system.</para>
+    <para><command>echo $(hostname) >>...</command>: The value of
+    <command>hostname</command> is echoed to a file called
+    <filename>cracklib-extra-words</filename>. This extra file is intended to be
+    a site specific list which includes easy to guess passwords such as company
+    or department names, user names, product names, computer names, domain
+    names, etc.</para>
+    <para><command>create-cracklib-dict ...</command>: This command creates the
+    <application>CrackLib</application> dictionary from the word lists. Modify
+    the command to add any additional word lists you have installed.</para>
+    <para>
+      <command>mv -v /usr/lib/libcrack.so.2* /lib</command> and
+      <command>ln -v -sf ../../lib/libcrack.so.2.9.0 ...</command>: These two
+      commands move the <filename
+      class="libraryfile">libcrack.so.2.9.0</filename>
+      library and associated symlink from
+      <filename class="directory">/usr/lib</filename> to
+      <filename class="directory">/lib</filename>, then recreates the
+      <filename class="symlink">/usr/lib/libcrack.so</filename> symlink
+      pointing to the relocated file.
+    </para>
+    <para>
+      <command>install -v -m644 -D ...</command>: This command creates the
+      <filename class="directory">/usr/share/dict</filename> directory (if it
+      doesn't already exist) and installs the compressed word list there.
+    </para>
+    <para>
+      <command>ln -v -s cracklib-words /usr/share/dict/words</command>: The
+      word list is linked to <filename>/usr/share/dict/words</filename> as
+      historically, <filename>words</filename> is the primary word list in the
+      <filename class="directory">/usr/share/dict</filename> directory. Omit
+      this command if you already have a
+      <filename>/usr/share/dict/words</filename> file installed on your system.
+    </para>
+    <para>
+      <command>echo $(hostname) >>...</command>: The value of
+      <command>hostname</command> is echoed to a file called
+      <filename>cracklib-extra-words</filename>. This extra file is intended
+      to be a site specific list which includes easy to guess passwords such
+      as company or department names, user names, product names, computer
+      names, domain names, etc.
+    </para>
+    <para>
+      <command>create-cracklib-dict ...</command>: This command creates the
+      <application>CrackLib</application> dictionary from the word lists.
+      Modify the command to add any additional word lists you have installed.
+    </para>
   </sect2>
 …
         <term><command>cracklib-check</command></term>
         <listitem>
+          <para>is used to determine if a password is strong.</para>
+          <para>
+            is used to determine if a password is strong.
+          </para>
           <indexterm zone="cracklib cracklib-check">
             <primary sortas="b-cracklib-check">cracklib-check</primary>
 …
         <term><command>cracklib-format</command></term>
         <listitem>
+          <para>is used to format text files (lowercases all words,
+          removes control characters and sorts the lists).</para>
+          <para>
+            is used to format text files (lowercases all words,
+            removes control characters and sorts the lists).
+          </para>
           <indexterm zone="cracklib cracklib-format">
             <primary sortas="b-cracklib-format">cracklib-format</primary>
 …
         <term><command>cracklib-packer</command></term>
         <listitem>
+          <para>creates a database with words read from standard input.</para>
+          <para>
+            creates a database with words read from standard input.
+          </para>
           <indexterm zone="cracklib cracklib-packer">
             <primary sortas="b-cracklib-packer">cracklib-packer</primary>
 …
         <term><command>cracklib-unpacker</command></term>
         <listitem>
+          <para>displays on standard output the database specified.</para>
+          <para>
+            displays on standard output the database specified.
+          </para>
           <indexterm zone="cracklib cracklib-packer">
             <primary sortas="b-cracklib-packer">cracklib-packer</primary>
 …
         <term><command>create-cracklib-dict</command></term>
         <listitem>
+          <para>is used to create the <application>CrackLib</application>
+          dictionary from the given word list(s).</para>
+          <para>
+            is used to create the <application>CrackLib</application>
+            dictionary from the given word list(s).
+          </para>
           <indexterm zone="cracklib create-cracklib-dict">
             <primary sortas="b-create-cracklib-dict">create-cracklib-dict</primary>
 …
         <term><filename class="libraryfile">libcrack.so</filename></term>
         <listitem>
+          <para>provides a fast dictionary lookup method for strong
+          password enforcement.</para>
+          <para>
+            provides a fast dictionary lookup method for strong
+            password enforcement.
+          </para>
           <indexterm zone="cracklib libcrack">
             <primary sortas="c-libcrack">libcrack.so</primary>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 47274444 for postlfs/security/cracklib.xml

Legend:

postlfs/security/cracklib.xml

Download in other formats: