Copyright © 1998, 1999 Jean Pierre LeJacq
Copyright © 2003 Martin Pitt
Copyright © 2008 Jan Dittberner
This package and this document is free software; you may redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.
A copy of the GNU General Public License version 2 is available as /usr/share/common-licenses/GPL-2 in the Debian GNU/Linux distribution or on the World Wide Web at http://www.gnu.org/copyleft/gpl.html. You can also obtain it by writing to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
Abstract
cracklib2 is a library containing a C function which may be used in a passwd(1)-like program. The idea is simple: try to prevent users from choosing passwords that could be guessed by crack by filtering them out, at source. cracklib2 is not a replacement passwd(1) program. cracklib2 is a library.
cracklib2 is an offshoot of version 5 of the crack software and contains a considerable number of ideas nicked from the new software.
cracklib2's original home page provides some links on security publications and access to source code written by the author of cracklib2. While there is a README, there is not much documentation available on cracklib2. Hopefully this page that I generated for the Debian GNU/Linux distribution will improve this situation.
cracklib2 has been forked by Nathan Neulinger who is now coordinating the further development. This fork has been blessed by the original maintainer in this article. The new upstream branch is hosted at the cracklib2 SourceForge™ project page.
One of the most common security weaknesses in computer systems is the use of easily guessed passwords. cracklib2 tries to prevent the selection of weak passwords by checking potential passwords against dictionaries of commonly used or easily guessed words.
is the author of cracklib2. initially produced this Debian package, is its current maintainer. packaged the new upstream version of cracklib2 and updated the documentation.
Ideally, the password quality check should be done when a user sets his/her password. The PAM (Pluggable Authentication Modules) architecture makes it easy to integrate arbitrary checks (like cracklib2) into programs like passwd and ssh.
To use cracklib2 in Debian, install the package libpam_cracklib and follow the instructions to enable libpam_cracklib in /etc/pam.d/common-password.
From now on, cracklib2 checks the password quality whenever a password is changed with passwd and rejects bad ones.
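What the password stack in /etc/pam.d/common-password looks like before and after the module is enabled, as an added example that is not taken from the package's own instructions. The module name pam_cracklib.so, the pam_unix.so lines and all option values are assumptions based on the standard Linux-PAM modules, not on this page.

```conf
# /etc/pam.d/common-password (password stack only; values are illustrative)

# Before: pam_unix alone. It prompts for the new password itself and
# applies only its own built-in checks; no dictionary lookup takes place.
#password   required   pam_unix.so sha512

# After: pam_cracklib runs first and prompts for the new password.
#   retry=3   allow three attempts before passwd gives up
#   minlen=8  minimum acceptable length (credits for character classes
#             can lower the effective length; see pam_cracklib(8))
#   difok=3   at least three characters must differ from the old password
password   required   pam_cracklib.so retry=3 minlen=8 difok=3

# pam_unix then stores the password. use_authtok makes it take the
# password pam_cracklib already accepted instead of prompting again;
# without it the module would ask for a password of its own, and that
# second entry would never be checked by cracklib.
password   required   pam_unix.so use_authtok sha512
```

Order matters here: the cracklib line has to come before the pam_unix line, because PAM runs the modules of a stack from top to bottom.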
The source package is cracklib2 which generates the following binary packages:
Shared library and this documentation.
Header files, static libraries, and symbolic links that developers using cracklib2 will need. This package also provides an example program that shows how to use cracklib2 in your own applications.
Run-time support programs which use the shared library in libcrack2 including programs to build the password dictionary databases used by the functions in the shared library.
This package provides Python bindings for the shared library in libcrack2.
This package does not include dictionaries since there are already lots of them in Debian (wenglish, wngerman, etc.).