mirror of
https://github.com/Zeckmathederg/glfs.git
synced 2025-02-10 13:04:42 +08:00
9f12e36459
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6192 af4574ff-66df-0310-9fd7-8a98e5e911e0
270 lines
11 KiB
XML
270 lines
11 KiB
XML
<?xml version="1.0" encoding="ISO-8859-1"?>
|
|
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
|
|
<!ENTITY % general-entities SYSTEM "../../general.ent">
|
|
%general-entities;
|
|
|
|
<!-- Inserted as a reminder to do this. The mention of a test suite
|
|
is usually right before the root user installation commands. Please
|
|
delete these 12 (including one blank) lines after you are done.-->
|
|
|
|
<!-- Use one of the two mentions below about a test suite,
|
|
delete the line that is not applicable. Of course, if the
|
|
test suite uses syntax other than "make check", revise the
|
|
line to reflect the actual syntax to run the test suite -->
|
|
|
|
<!-- <para>This package does not come with a test suite.</para> -->
|
|
<!-- <para>To test the results, issue: <command>make check</command>.</para> -->
|
|
|
|
<!ENTITY cracklib-download-http "http://prdownloads.sourceforge.net/cracklib/cracklib-&cracklib-version;.tar.gz">
|
|
<!ENTITY cracklib-download-ftp " ">
|
|
<!ENTITY cracklib-http-md5sum "9a8c9eb26b48787c84024ac779f64bb2">
|
|
<!ENTITY cracklib-size "575 KB">
|
|
<!ENTITY cracklib-buildsize "29.2 MB (without Python bindings)">
|
|
<!ENTITY cracklib-time "0.1 SBU">
|
|
<!ENTITY crackdict-download "http://prdownloads.sourceforge.net/cracklib/cracklib-words.gz">
|
|
<!ENTITY crackdict-size "4.4 MB">
|
|
<!ENTITY crackdict-md5sum "d18e670e5df560a8745e1b4dede8f84f">
|
|
]>
|
|
|
|
<sect1 id="cracklib" xreflabel="CrackLib-&cracklib-version;">
|
|
<?dbhtml filename="cracklib.html"?>
|
|
|
|
<sect1info>
|
|
<othername>$LastChangedBy$</othername>
|
|
<date>$Date$</date>
|
|
</sect1info>
|
|
|
|
<title>CrackLib-&cracklib-version;</title>
|
|
|
|
<indexterm zone="cracklib">
|
|
<primary sortas="a-CrackLib">CrackLib</primary>
|
|
</indexterm>
|
|
|
|
<sect2 role="package">
|
|
<title>Introduction to CrackLib</title>
|
|
|
|
<para>The <application>CrackLib</application> package contains a
|
|
library used to enforce strong passwords by comparing user selected
|
|
passwords to words in chosen word lists.</para>
|
|
|
|
<bridgehead renderas="sect3">Package Information</bridgehead>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>Download (HTTP): <ulink url="&cracklib-download-http;"/></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Download (FTP): <ulink url="&cracklib-download-ftp;"/></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Download MD5 sum: &cracklib-http-md5sum;</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Download size: &cracklib-size;</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Estimated disk space required: &cracklib-buildsize;</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Estimated build time: &cracklib-time;</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
|
|
<itemizedlist spacing='compact'>
|
|
<listitem>
|
|
<para>Recommended word list for English-speaking countries (size:
|
|
&crackdict-size;; md5sum: &crackdict-md5sum;):
|
|
<ulink url="&crackdict-download;"/></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Required patch to create a library used with the Heimdal
|
|
Kerberos 5 package: <ulink
|
|
url="&patch-root;/cracklib-&cracklib-version;-heimdal-1.patch"/></para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
<para>There are additional word lists available for download, e.g., from
|
|
<ulink url="http://www.cotse.com/tools/wordlists.htm"/>.
|
|
<application>CrackLib</application> can utilize as many, or as few word
|
|
lists you choose to install.</para>
|
|
|
|
<important>
|
|
<para>Users tend to base their passwords on regular words of the spoken
|
|
language, and crackers know that. <application>CrackLib</application> is
|
|
intended to filter out such bad passwords at the source using a
|
|
dictionary created from word lists. To accomplish this, the word list(s)
|
|
for use with <application>CrackLib</application> must be an exhaustive
|
|
list of words and word-based keystroke combinations likely to be chosen
|
|
by users of the system as (guessable) passwords.</para>
|
|
|
|
<para>The default word list recommended above for downloading mostly
|
|
satisfies this role in English-speaking countries. In other situations,
|
|
it may be necessary to download (or even create) additional word
|
|
lists.</para>
|
|
|
|
<para>Note that word lists suitable for spell-checking are not usable
|
|
as <application>CrackLib</application> word lists in countries with
|
|
non-Latin based alphabets, because of <quote>word-based keystroke
|
|
combinations</quote> that make bad passwords.</para>
|
|
</important>
|
|
|
|
<bridgehead renderas="sect3">CrackLib Dependencies</bridgehead>
|
|
|
|
<bridgehead renderas="sect4">Optional</bridgehead>
|
|
<para role="optional"><xref linkend="python"/></para>
|
|
|
|
<para condition="html" role="usernotes">User Notes:
|
|
<ulink url="&blfs-wiki;/cracklib"/></para>
|
|
|
|
</sect2>
|
|
|
|
<sect2 role="installation">
|
|
<title>Installation of CrackLib</title>
|
|
|
|
<para>If desired, apply the <application>Heimdal</application> patch
|
|
(note that with this patch the original library is not affected; this patch
|
|
only creates an additional library used by the
|
|
<application>Heimdal</application> password-checking routines):</para>
|
|
|
|
<screen><userinput>patch -Np1 -i ../cracklib-&cracklib-version;-heimdal-1.patch</userinput></screen>
|
|
|
|
<para>Install <application>CrackLib</application> by running the following
|
|
commands:</para>
|
|
|
|
<screen><userinput>./configure --prefix=/usr \
|
|
--with-default-dict=/lib/cracklib/pw_dict &&
|
|
make</userinput></screen>
|
|
|
|
<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
|
|
|
|
<screen role="root"><userinput>make install &&
|
|
mv -v /usr/lib/libcrack.so.2* /lib &&
|
|
ln -v -sf ../../lib/libcrack.so.2.8.0 /usr/lib/libcrack.so</userinput></screen>
|
|
|
|
<para>Issue the following commands as the
|
|
<systemitem class="username">root</systemitem> user to install the
|
|
recommended word list and create the <application>CrackLib</application>
|
|
dictionary. Other word lists (text based, one word per line) can also be
|
|
used by simply installing them into
|
|
<filename class='directory'>/usr/share/dict</filename> and adding them
|
|
to the <command>create-cracklib-dict</command> command.</para>
|
|
|
|
<screen role="root"><userinput>install -v -m644 -D ../cracklib-words.gz \
|
|
/usr/share/dict/cracklib-words.gz &&
|
|
gunzip -v /usr/share/dict/cracklib-words.gz &&
|
|
ln -v -s cracklib-words /usr/share/dict/words &&
|
|
echo $(hostname) >>/usr/share/dict/cracklib-extra-words &&
|
|
install -v -m755 -d /lib/cracklib &&
|
|
create-cracklib-dict /usr/share/dict/cracklib-words \
|
|
/usr/share/dict/cracklib-extra-words</userinput></screen>
|
|
|
|
<para>If desired, check the proper operation of the library as an
|
|
unprivileged user using the tests included with the package:</para>
|
|
|
|
<screen><userinput>make test</userinput></screen>
|
|
|
|
<important>
|
|
<para>If you are installing <application>CrackLib</application> after
|
|
your LFS system has been completed and you have the
|
|
<application>Shadow</application> package installed, you must
|
|
reinstall <xref linkend="shadow"/> if you wish to provide strong
|
|
password support on your system. If you are now going to install the
|
|
<xref linkend="linux-pam"/> package, you may disregard this note as
|
|
<application>Shadow</application> will be reinstalled after the
|
|
<application>Linux-PAM</application> installation.</para>
|
|
</important>
|
|
|
|
</sect2>
|
|
|
|
<sect2 role="commands">
|
|
<title>Command Explanations</title>
|
|
|
|
<para><parameter>--with-default-dict=/lib/cracklib/pw_dict</parameter>:
|
|
This parameter forces the installation of the
|
|
<application>CrackLib</application> dictionary to the
|
|
<filename class='directory'>/lib</filename> hierarchy.</para>
|
|
|
|
<para><command>mv -v /usr/lib/libcrack.so.2* /lib</command> and
|
|
<command>ln -v -sf ../../lib/libcrack.so.2.8.0 ...</command>: These two
|
|
commands move the <filename class='libraryfile'>libcrack.so.2.8.0</filename>
|
|
library and associated symlink from
|
|
<filename class='directory'>/usr/lib</filename> to
|
|
<filename class='directory'>/lib</filename>, then recreates the
|
|
<filename class='symlink'>/usr/lib/libcrack.so</filename> symlink pointing
|
|
to the relocated file.</para>
|
|
|
|
<para><command>install -v -m644 -D ...</command>: This command creates the
|
|
<filename class='directory'>/usr/share/dict</filename> directory (if it
|
|
doesn't already exist) and installs the compressed word list there.</para>
|
|
|
|
<para><command>ln -v -s cracklib-words /usr/share/dict/words</command>: The
|
|
word list is linked to <filename>/usr/share/dict/words</filename> as
|
|
historically, <filename>words</filename> is the primary word list in the
|
|
<filename class="directory">/usr/share/dict</filename> directory. Omit this
|
|
command if you already have a <filename>/usr/share/dict/words</filename>
|
|
file installed on your system.</para>
|
|
|
|
<para><command>echo $(hostname) >>...</command>: The value of
|
|
<command>hostname</command> is echoed to a file called
|
|
<filename>cracklib-extra-words</filename>. This extra file is intended to be
|
|
a site specific list which includes easy to guess passwords such as company
|
|
or department names, user's names, product names, computer names, domain
|
|
names, etc.</para>
|
|
|
|
<para><command>create-cracklib-dict ...</command>: This command creates the
|
|
<application>CrackLib</application> dictionary from the word lists. Modify
|
|
the command to add any additional word lists you have installed.</para>
|
|
|
|
</sect2>
|
|
|
|
<sect2 role="content">
|
|
<title>Contents</title>
|
|
|
|
<segmentedlist>
|
|
<segtitle>Installed Programs</segtitle>
|
|
<segtitle>Installed Libraries</segtitle>
|
|
<segtitle>Installed Directories</segtitle>
|
|
|
|
<seglistitem>
|
|
<seg>cracklib-check, cracklib-format, cracklib-packer,
|
|
cracklib-unpacker and create-cracklib-dict</seg>
|
|
<seg>libcrack.{so,a} and optionally, libcrack_heimdal.{so,a} and
|
|
cracklibmodule.{so,a} <application>Python</application> module</seg>
|
|
<seg>/lib/cracklib, /usr/share/dict and /usr/share/cracklib</seg>
|
|
</seglistitem>
|
|
</segmentedlist>
|
|
|
|
<variablelist>
|
|
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
|
<?dbfo list-presentation="list"?>
|
|
<?dbhtml list-presentation="table"?>
|
|
|
|
<varlistentry id="create-cracklib-dict">
|
|
<term><filename>create-cracklib-dict</filename></term>
|
|
<listitem>
|
|
<para>is used to create the <application>CrackLib</application>
|
|
dictionary from the given word list(s).</para>
|
|
<indexterm zone="cracklib create-cracklib-dict">
|
|
<primary sortas="b-create-cracklib-dict">create-cracklib-dict</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="libcrack">
|
|
<term><filename class='libraryfile'>libcrack.{so,a}</filename></term>
|
|
<listitem>
|
|
<para>provides a fast dictionary lookup method for strong
|
|
password enforcement.</para>
|
|
<indexterm zone="cracklib libcrack">
|
|
<primary sortas="c-libcrack">libcrack.{so,a}</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</sect2>
|
|
|
|
</sect1>
|