added cracklib-2.7

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2045 af4574ff-66df-0310-9fd7-8a98e5e911e0

index.xml

@@ -2,9 +2,9 @@
 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" 
 			"/usr/share/docbook/docbookx.dtd" [
 
-<!ENTITY version "CVS-20040421">
-<!ENTITY releasedate "April 21st, 2004">
-<!ENTITY pubdate "2004-04-21">
+<!ENTITY version "CVS-20040422">
+<!ENTITY releasedate "April 22nd, 2004">
+<!ENTITY pubdate "2004-04-22">
 <!ENTITY blfs-version "cvs">
 
 <!ENTITY % book SYSTEM "book/book.ent">

introduction/welcome/changelog.xml

@@ -11,6 +11,9 @@ who wrote what.</para>
 
 <itemizedlist>
 
+<listitem><para>April 22nd, 2004 [igor]: Added cracklib-2.7,
+contributed by DJ Lucas.</para></listitem>
+
 <listitem><para>April 21st, 2004 [igor]: Updated to OpenSSH-3.8.1p1,
 libxml2-2.6.9 and libxslt-1.1.6 thanks to Thomas Beneke and
 Matthew Burgess.</para></listitem>

introduction/welcome/credits.xml

@@ -166,8 +166,7 @@ Bauscher</emphasis></para></listitem>
 ImageMagick, hd2u,
 STLport, tcl, tk and bind-utils: <emphasis>Tushar Teredesai</emphasis></para></listitem>
 
-<listitem><para>libpcap, ncpfs, netfs, ppp(update) and RP-PPPoE: <emphasis>DJ Lucas</emphasis></para>
-</listitem>
+<listitem><para>cracklib, libpcap, ncpfs, netfs, ppp(update) and RP-PPPoE: <emphasis>DJ Lucas</emphasis></para></listitem>
 
 <listitem><para>ntp: <emphasis>Eric Konopka</emphasis></para></listitem>
 
@@ -246,8 +245,8 @@ for tcp_wrappers and portmap.</para></listitem>
 mozilla section by performing multiple builds and for providing a description
 of the various mozilla extensions.</para></listitem>
 
-<listitem><para><emphasis>Nathan Coulson</emphasis> for writing the mass
-majority of the new network bootscripts (pending).</para></listitem>
+<listitem><para><emphasis>Nathan Coulson</emphasis> for writing the new
+network bootscripts.</para></listitem>
 
 <listitem><para><emphasis>Alexander E. Patrakov</emphasis> for patches and
 suggestions to improve the book content and increasing the <acronym>l10n</acronym>

postlfs/postlfs.ent

@@ -24,6 +24,8 @@
 <!ENTITY postlfs-security-nessus SYSTEM "security/nessus.xml">
 <!ENTITY % tripwire SYSTEM "security/tripwire/tripwire.ent">
 %tripwire;
+<!ENTITY % cracklib SYSTEM "security/cracklib/cracklib.ent">
+%cracklib;
 <!ENTITY % Linux_PAM SYSTEM "security/pam/linux_pam.ent">
 %Linux_PAM;
 <!ENTITY % shadow SYSTEM "security/shadow/shadow.ent">

postlfs/security/cracklib.xml

@@ -0,0 +1,10 @@
+<sect1 id="cracklib" xreflabel="cracklib-&cracklib-version;">
+<?dbhtml filename="cracklib.html" dir="postlfs"?>
+<title>cracklib-&cracklib-version;</title>
+
+&cracklib-intro;
+&cracklib-inst;
+&cracklib-exp; 
+&cracklib-desc;
+
+</sect1>

postlfs/security/cracklib/cracklib-desc.xml

@@ -0,0 +1,17 @@
+<sect2>
+<title>Contents</title>
+
+<para>The <application>cracklib</application> package 
+contains the <filename class="libraryfile">libcrack</filename> 
+library.</para>
+
+</sect2>
+
+<sect2><title>Description</title>
+
+<sect3><title>libcrack library</title>
+<para>The <filename class="libraryfile">libcrack</filename> library
+provides a fast dictionary lookup method for strong password
+enforcement.</para></sect3>
+
+</sect2>

postlfs/security/cracklib/cracklib-exp.xml

@@ -0,0 +1,18 @@
+<sect2>
+<title>Command explanations</title>
+
+<para><command>make DICTPATH=/usr/lib/cracklib_dict SRCDICTS=/usr/share/dict/words install</command>:
+Builds the libcrack library and forces it to look at
+<filename class="directory">/usr/share/dict</filename> for word lists, and puts the
+cracklib dictionary in <filename>/usr/lib/cracklib_dict</filename>.</para>
+
+<para><command>install -m644 cracklib/libcrack.a /usr/lib</command>:
+Installs the library in <filename class="directory">/usr/lib</filename>.</para>
+
+<para><command>install -m644 cracklib/crack.h /usr/include</command>:
+Installs the header file in <filename class="directory">/usr/include</filename>.</para>
+
+<para><command>install -m754 util/{mkdict,packer,create_cracklib_dict} /usr/sbin</command>:
+Install the utils into <filename class="directory">/usr/sbin</filename>.</para>
+
+</sect2>

postlfs/security/cracklib/cracklib-inst.xml

@@ -0,0 +1,27 @@
+<sect2>
+<title>Installation of <application>cracklib</application></title>
+
+<para>First, we need to install the chosen word list for cracklib:</para>
+
+<screen><userinput><command>mkdir -p /usr/share/dict/ &amp;&amp;
+chmod 0644 /usr/share/dict &amp;&amp;
+cp <replaceable>[wordlist]</replaceable> /usr/share/dict &amp;&amp;
+chmod 0644 /usr/share/dict/<replaceable>[wordlist]</replaceable> &amp;&amp;
+ln -sf <replaceable>[wordlist]</replaceable> /usr/share/dict/words</command></userinput></screen>
+
+<para>Our word list is linked to
+<filename>/usr/share/dict/words</filename> as historically,
+<filename>words</filename> is the only file in the
+<filename class="directory">/usr/share/dict</filename> directory.  You are welcome to shun
+history and adjust for your own needs.</para>
+
+<para>Now install cracklib using the following commands:</para>
+
+<screen><userinput><command>patch -Np1 -i ../cracklib-&cracklib-version;-header-1.patch &amp;&amp;
+patch -Np1 -i ../cracklib-&cracklib-version;-missing-1.patch &amp;&amp;
+make DICTPATH=/usr/lib/cracklib_dict SRCDICTS=/usr/share/dict/words install &amp;&amp;
+install -m644 cracklib/libcrack.a /usr/lib &amp;&amp;
+install -m644 cracklib/crack.h /usr/include &amp;&amp;
+install -m754 util/{mkdict,packer,create_cracklib_dict} /usr/sbin</command></userinput></screen>
+
+</sect2>

postlfs/security/cracklib/cracklib-intro.xml

@@ -0,0 +1,42 @@
+<sect2>
+<title>Introduction to <application>cracklib</application></title>
+
+<para>The cracklib package contains a library used to enforce strong 
+passwords by comparing user selected passwords to words in a 
+chosen wordlist.</para>
+
+<sect3><title>Package information</title>
+<itemizedlist spacing='compact'>
+<listitem><para>Download (HTTP): <ulink
+url="&cracklib-download-http;"/></para></listitem>
+<listitem><para>Download (FTP): <ulink
+url="&cracklib-download-ftp;"/></para></listitem>
+<listitem><para>Download size: &cracklib-size;</para></listitem>
+<listitem><para>Estimated Disk space required (with cracklib wordlist):
+&cracklib-buildsize;</para></listitem>
+<listitem><para>Estimated build time:
+&cracklib-time;</para></listitem></itemizedlist>
+</sect3>
+
+<sect3><title>Additional downloads</title>
+
+<itemizedlist spacing='compact'>
+<listitem><para>Missing header patch:
+<ulink url="&patch-root;/cracklib-&cracklib-version;-header-1.patch"/></para></listitem>
+<listitem><para>Missing utility patch:
+<ulink url="&patch-root;/cracklib-&cracklib-version;-missing-1.patch"/></para></listitem>
+</itemizedlist>
+
+<para>You will also need to download a wordlist for use with cracklib.  
+There are two wordlists to choose from at the following location.
+Use the <filename>cracklib</filename> word list for good security,
+or opt for the <filename>allwords</filename> word list for
+lightweight machines short on <acronym>RAM</acronym>.  You can of course choose any other
+word list that you have at your disposal.</para>
+
+<para>cracklib: <ulink url="http://www.cotse.com/wordlists/cracklib"/></para>
+<para>allwords: <ulink url="http://www.cotse.com/wordlists/allwords"/></para>
+
+</sect3>
+
+</sect2>

postlfs/security/cracklib/cracklib.ent

@@ -0,0 +1,12 @@
+<!ENTITY cracklib SYSTEM "../cracklib.xml">
+<!ENTITY cracklib-intro SYSTEM "cracklib-intro.xml">
+<!ENTITY cracklib-inst SYSTEM "cracklib-inst.xml">
+<!ENTITY cracklib-exp SYSTEM "cracklib-exp.xml">
+<!ENTITY cracklib-desc SYSTEM "cracklib-desc.xml">
+<!ENTITY cracklib-version "2.7">
+<!ENTITY cracklib-download-http "http://www.crypticide.com/users/alecm/security/cracklib,&cracklib-version;.tar.gz">
+<!ENTITY cracklib-download-ftp "ftp://ftp.cerias.purdue.edu/pub/tools/unix/libs/cracklib/cracklib.&cracklib-version;.tar.gz">
+<!ENTITY cracklib-size "21 KB">
+<!ENTITY cracklib-buildsize "17 MB">
+<!ENTITY cracklib-time "0.10 SBU">
+

postlfs/security/pam/linux_pam-inst.xml

@@ -7,7 +7,7 @@ running the following commands:</para>
 
 <screen><userinput><command>patch -Np1 -i ../Linux-PAM-0.77-linkage-1.patch &amp;&amp;
 ./configure --enable-static-libpam --with-mailspool=/var/mail \
---enable-read-both-confs --sysconfdir=/etc &amp;&amp;
+    --enable-read-both-confs --sysconfdir=/etc &amp;&amp;
 make &amp;&amp;
 make install &amp;&amp;
 mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a /usr/lib &amp;&amp;
@@ -15,6 +15,4 @@ ln -sf ../../lib/libpam.so.&Linux_PAM-version; /usr/lib/libpam.so &amp;&amp;
 ln -sf ../../lib/libpam_misc.so.&Linux_PAM-version; /usr/lib/libpam_misc.so &amp;&amp;
 ln -sf ../../lib/libpamc.so.&Linux_PAM-version; /usr/lib/libpamc.so</command></userinput></screen>
 
-
 </sect2>
-

postlfs/security/pam/linux_pam-intro.xml

@@ -25,13 +25,9 @@ url="&Linux_PAM-download-ftp;"/></para></listitem>
 <ulink url="&patch-root;/Linux-PAM-0.77-linkage-1.patch"/></para></listitem></itemizedlist>
 </sect3>
 
-
-<sect3><title><application>Linux-<acronym>PAM</acronym></application> 
-dependencies</title>
+<sect3><title><application>Linux-<acronym>PAM</acronym></application> dependencies</title>
 <sect4><title>Optional</title>
-<para><ulink 
-url="http://www.crypticide.org/users/alecm/security/cracklib,2.7.tar.gz">
-cracklib v2.7</ulink></para></sect4>
+<para><xref linkend="cracklib"/></para></sect4>
 </sect3>
 
 </sect2>

postlfs/security/security.xml

@@ -22,6 +22,7 @@ the packager creates it.</para>
 of critical files (defined by the administrator) and then regenerates those 
 "signatures" and compares for files that have been changed.</para>
 
+&cracklib;
 &Linux_PAM;
 &shadow;
 &iptables;

postlfs/security/shadow.xml

@@ -25,7 +25,7 @@ Passwords created after this change will be encrypted using
 -->
 &shadow-intro;
 &shadow-inst;
-<!-- &shadow-exp; -->
+&shadow-exp;
 &shadow-config;
 
 </sect1>

postlfs/security/shadow/shadow-exp.xml

@@ -1,8 +1,14 @@
 <sect2>
 <title>Command explanations</title>
 
+<para><parameter>--without-libcrack</parameter>: This switch tells shadow
+not to use libcrack. This is desired as
+<application>Linux-<acronym>PAM</acronym></application> already
+contains libcrack.</para>
+
+<!--  Leftover from older instructions????
 <para><command>cp debian/securetty /etc/securetty</command>: This
 command sets the tty's that allow logins through <acronym>PAM</acronym>.</para>
+-->
 
 </sect2>
-

postlfs/security/shadow/shadow-inst.xml

@@ -5,7 +5,7 @@
 
 <screen><userinput><command>patch -Np1 -i ../shadow-&shadow-version;-pam-1.patch &amp;&amp;
 LIBS="-lpam -lpam_misc" ./configure --libdir=/usr/lib \
---enable-shared --with-libpam &amp;&amp;
+    --enable-shared --with-libpam --without-libcrack &amp;&amp;
 echo '#define HAVE_SETLOCALE 1' >> config.h &amp;&amp;
 make &amp;&amp;
 make install &amp;&amp;
@@ -17,4 +17,3 @@ ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so &amp;&amp;
 ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</command></userinput></screen>
 
 </sect2>
-