aa610bac9d
Add new cracklib(3) manpage; add FascistCheck(3) function header file (actually called packer.h) and a MLINK to cracklib(3) manpage. Bump PORTREVISION to 1. Submitted by: Andrew J. Korty <ajk@iu.edu> (maintainer)
105 lines
2.1 KiB
Groff
105 lines
2.1 KiB
Groff
.TH CRACKLIB 3
|
|
.SH NAME
|
|
FascistCheck \- check a potential password for guessability
|
|
.SH LIBRARY
|
|
Cracklib (libcrack, -lcrack)
|
|
.SH SYNOPSIS
|
|
.nf
|
|
.ft B
|
|
#include <packer.h>
|
|
.ft
|
|
.LP
|
|
.nf
|
|
.ft B
|
|
char *FascistCheck(char *pw, char *dictpath)
|
|
.ft
|
|
.SH DESCRIPTION
|
|
.PP
|
|
.B CrackLib
|
|
is a library containing a C function which may be used in a
|
|
.BR passwd (1)-like
|
|
program.
|
|
.PP
|
|
The idea is simple: try to prevent users from choosing passwords that
|
|
could be guessed by
|
|
.B Crack
|
|
by filtering them out, at source.
|
|
.PP
|
|
.B FascistCheck(\|)
|
|
takes two arguments:
|
|
.TP 10
|
|
.I pw
|
|
a string containing the user's chosen "potential password"
|
|
.TP
|
|
.I dictpath
|
|
the full path name of the
|
|
.B CrackLib
|
|
dictionary, without the suffix
|
|
.PP
|
|
.B CrackLib
|
|
is an offshoot of the the version 5
|
|
.B Crack
|
|
software, and contains a considerable number of ideas nicked from the
|
|
new software.
|
|
.PP
|
|
.B CrackLib
|
|
makes literally hundreds of tests to determine whether you've
|
|
chosen a bad password.
|
|
.RS
|
|
.TP 3n
|
|
\(bu
|
|
It tries to generate words from your username and gecos entry to
|
|
try to match them against what you've chosen.
|
|
.PD 0
|
|
.TP
|
|
\(bu
|
|
It checks for simplistic patterns.
|
|
.TP
|
|
\(bu
|
|
It then tries to reverse-engineer your password into a dictionary
|
|
word, and searches for it in your dictionary.
|
|
.PD
|
|
.RE
|
|
.PP
|
|
After all that, it's
|
|
.I probably
|
|
a safe(-ish) password.
|
|
.SH "RETURN VALUE"
|
|
.B FascistCheck(\|)
|
|
returns the
|
|
.SM NULL
|
|
pointer for a good password or a pointer to a diagnostic string if it
|
|
is a bad password.
|
|
.SH BUGS
|
|
.LP
|
|
It can't catch everything.
|
|
Just most things.
|
|
.LP
|
|
It calls \fCgetpwuid(getuid())\fR to look up the user,
|
|
which
|
|
.I may
|
|
affect poorly written programs.
|
|
.LP
|
|
Using more than one dictionary file, \fIe.g.\fP:
|
|
.ft C
|
|
|
|
char *msg;
|
|
|
|
if (msg = FascistCheck(pw, "onepath") ||
|
|
msg = FascistCheck(pw, "anotherpath")) {
|
|
printf("Bad Password: because %s\\n", msg);
|
|
}
|
|
.ft
|
|
.LP
|
|
works, but it's a kludge.
|
|
.ft B
|
|
Avoid it if possible.
|
|
.ft
|
|
Using just the one dictionary is more efficient, anyway.
|
|
.LP
|
|
.B PWOpen(\|)
|
|
routines should cope with having more than one dictionary open at a
|
|
time.
|
|
.SH "SEE ALSO"
|
|
.BR passwd (1),
|
|
.BR getpwuid (3),
|