glfs/postlfs/security/cracklib.xml

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY cracklib-download-http "http://www.crypticide.com/users/alecm/security/cracklib,&cracklib-version;.tar.gz">
  <!ENTITY cracklib-download-ftp "ftp://ftp.cerias.purdue.edu/pub/tools/unix/libs/cracklib/cracklib.&cracklib-version;.tar.gz">
  <!ENTITY cracklib-http-md5sum "0c84ad7413d9dd3e5c2eaa5f97d53c4a">
  <!ENTITY cracklib-ftp-md5sum  "7f810e310c7f2df33d1eaa2b41ab2435">
  <!ENTITY cracklib-size      "21 KB">
  <!ENTITY cracklib-buildsize "21.8 MB">
  <!ENTITY cracklib-time      "0.05 SBU">
  <!ENTITY crackdict-size     "15.6 MB">
  <!ENTITY alldict-size       "466 KB">
]>

<sect1 id="cracklib" xreflabel="cracklib-&cracklib-version;">
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<?dbhtml filename="cracklib.html"?>
<title>cracklib-&cracklib-version;</title>
<indexterm zone="cracklib">
<primary sortas="a-Cracklib">Cracklib</primary></indexterm>

<sect2>
<title>Introduction to <application>cracklib</application></title>

<para>The <application>cracklib</application> package contains a library used 
to enforce strong passwords by comparing user selected passwords to words in a 
chosen wordlist.</para>

<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP): <ulink
url="&cracklib-download-http;"/></para></listitem>
<listitem><para>Download (FTP): <ulink
url="&cracklib-download-ftp;"/></para></listitem>
<listitem><para>Download MD5 sum (HTTP): 
&cracklib-http-md5sum;</para></listitem>
<listitem><para>Download MD5 sum (FTP): 
&cracklib-ftp-md5sum;</para></listitem>
<listitem><para>Download size: &cracklib-size;</para></listitem>
<listitem><para>Estimated disk space required (with cracklib wordlist):
&cracklib-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&cracklib-time;</para></listitem></itemizedlist>
</sect3>

<sect3><title>Additional downloads</title>
<itemizedlist spacing='compact'>
<listitem><para>Required Patch: <ulink
url="&patch-root;/cracklib,&cracklib-version;-blfs-1.patch"/></para></listitem>
<listitem><para>Recommended Patch: <ulink
url="&patch-root;/cracklib,&cracklib-version;-heimdal-1.patch"/></para>
</listitem>
</itemizedlist>

<para>You will also need to download a wordlist for use with 
<application>cracklib</application>. There are two wordlists to choose from at 
the following location.  Use the <filename>cracklib</filename> word list for 
good security, or opt for the <filename>allwords</filename> word list for 
lightweight machines short on <acronym>RAM</acronym>. You can of course choose 
any other word list that you have at your disposal.</para>

<itemizedlist spacing='compact'>
<listitem><para>cracklib (&crackdict-size;) at <ulink 
url="http://www.cotse.com/tools/wordlists.htm"/></para></listitem>
<listitem><para>allwords (&alldict-size;) at <ulink 
url="http://www.cotse.com/tools/wordlists.htm"/></para></listitem>
</itemizedlist>

</sect3>

</sect2>

<sect2>
<title>Installation of <application>cracklib</application></title>

<para>First, as the root user, install the chosen word list for 
<application>cracklib</application>:</para>

<screen><userinput role='root'><command>install -v -d -m755 /usr/share/dict &amp;&amp;
install -v -m644 ../<replaceable>[wordlist]</replaceable> /usr/share/dict &amp;&amp;
ln -v -sf <replaceable>[wordlist]</replaceable> /usr/share/dict/words &amp;&amp;
echo $(hostname) >> /usr/share/dict/extra.words</command></userinput></screen>

<para>The wordlist is linked to <filename>/usr/share/dict/words</filename> as 
historically, <filename>words</filename> is the primary wordlist in the 
<filename class="directory">/usr/share/dict</filename> directory. Additionally, 
the value of <command>hostname</command> is echoed to a file called 
<filename>extra.words</filename>. This extra file is intended to be a site 
specific list which includes easy to guess passwords such as company or 
department names, user's names, product names, computer names, domain names, 
etc.</para>

<para>Now apply the <acronym>BLFS</acronym> patch:</para>

<screen><userinput><command>patch -Np1 -i ../cracklib,&cracklib-version;-blfs-1.patch</command></userinput></screen>

<para>If necessary, apply the <application>Heimdal</application> patch:</para>

<screen><userinput><command>cp -R cracklib cracklib_krb5 &amp;&amp;
patch -Np1 -i ../cracklib,&cracklib-version;-heimdal-1.patch</command></userinput></screen>

<para>Finally, as the root user, build and install the package:</para>
<screen><userinput role='root'><command>make install &amp;&amp;
rm -v /lib/libcrack.so &amp;&amp;
ln -v -sf ../../lib/libcrack.so.2.7 /usr/lib/libcrack.so</command></userinput></screen>

</sect2>

<sect2>
<title>Command explanations</title>

<para><command>rm -v /lib/libcrack.so; ln -v -sf ... 
/usr/lib/libcrack.so</command>: These two commands move the 
<filename class='symlink'>libcrack.so</filename> 
symlink from <filename class='directory'>/lib</filename> to 
<filename class='directory'>/usr/lib</filename>.</para>

</sect2>

<sect2>
<title>Contents</title>

<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directory</segtitle>
<seglistitem>
<seg>create-cracklib-dict, mkdict and packer</seg>
<seg>libcrack.so and optionally, libcrack_krb5.so</seg>
<seg>/usr/share/dict</seg>
</seglistitem>
</segmentedlist>

<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>

<varlistentry id="libcrack">
<term><filename class='libraryfile'>libcrack.so</filename></term>
<listitem><para> libraries provide a fast dictionary lookup method for strong 
password enforcement.</para>
<indexterm zone="cracklib libcrack">
<primary sortas="c-libcrack">libcrack.so</primary></indexterm>
</listitem>
</varlistentry>
</variablelist>

</sect2>

</sect1>