2
KADM5_PWCHECK(3) BSD Library Functions Manual KADM5_PWCHECK(3)
5
k�kr�rb�b5�5_�_p�pw�wc�ch�he�ec�ck�k, k�ka�ad�dm�m5�5_�_s�se�et�tu�up�p_�_p�pa�as�ss�sw�wd�d_�_q�qu�ua�al�li�it�ty�y_�_c�ch�he�ec�ck�k,
6
k�ka�ad�dm�m5�5_�_a�ad�dd�d_�_p�pa�as�ss�sw�wd�d_�_q�qu�ua�al�li�it�ty�y_�_v�ve�er�ri�if�fi�ie�er�r, k�ka�ad�dm�m5�5_�_c�ch�he�ec�ck�k_�_p�pa�as�ss�sw�wo�or�rd�d_�_q�qu�ua�al�li�it�ty�y -- Heim-
7
dal warning and error functions
10
Kerberos 5 Library (libkadm5srv, -lkadm5srv)
12
S�SY�YN�NO�OP�PS�SI�IS�S
13
#�#i�in�nc�cl�lu�ud�de�e <�<k�ka�ad�dm�m5�5-�-p�pr�ro�ot�to�os�s.�.h�h>�>
14
#�#i�in�nc�cl�lu�ud�de�e <�<k�ka�ad�dm�m5�5-�-p�pw�wc�ch�he�ec�ck�k.�.h�h>�>
17
k�ka�ad�dm�m5�5_�_s�se�et�tu�up�p_�_p�pa�as�ss�sw�wd�d_�_q�qu�ua�al�li�it�ty�y_�_c�ch�he�ec�ck�k(_�k_�r_�b_�5_�__�c_�o_�n_�t_�e_�x_�t _�c_�o_�n_�t_�e_�x_�t,
18
_�c_�o_�n_�s_�t _�c_�h_�a_�r _�*_�c_�h_�e_�c_�k_�__�l_�i_�b_�r_�a_�r_�y, _�c_�o_�n_�s_�t _�c_�h_�a_�r _�*_�c_�h_�e_�c_�k_�__�f_�u_�n_�c_�t_�i_�o_�n);
20
_�k_�r_�b_�5_�__�e_�r_�r_�o_�r_�__�c_�o_�d_�e
21
k�ka�ad�dm�m5�5_�_a�ad�dd�d_�_p�pa�as�ss�sw�wd�d_�_q�qu�ua�al�li�it�ty�y_�_v�ve�er�ri�if�fi�ie�er�r(_�k_�r_�b_�5_�__�c_�o_�n_�t_�e_�x_�t _�c_�o_�n_�t_�e_�x_�t,
22
_�c_�o_�n_�s_�t _�c_�h_�a_�r _�*_�c_�h_�e_�c_�k_�__�l_�i_�b_�r_�a_�r_�y);
24
_�c_�o_�n_�s_�t _�c_�h_�a_�r _�*
25
k�ka�ad�dm�m5�5_�_c�ch�he�ec�ck�k_�_p�pa�as�ss�sw�wo�or�rd�d_�_q�qu�ua�al�li�it�ty�y(_�k_�r_�b_�5_�__�c_�o_�n_�t_�e_�x_�t _�c_�o_�n_�t_�e_�x_�t,
26
_�k_�r_�b_�5_�__�p_�r_�i_�n_�c_�i_�p_�a_�l _�p_�r_�i_�n_�c_�i_�p_�a_�l, _�k_�r_�b_�5_�__�d_�a_�t_�a _�*_�p_�w_�d_�__�d_�a_�t_�a);
29
(�(*�*k�ka�ad�dm�m5�5_�_p�pa�as�ss�sw�wd�d_�_q�qu�ua�al�li�it�ty�y_�_c�ch�he�ec�ck�k_�_f�fu�un�nc�c)�)(_�k_�r_�b_�5_�__�c_�o_�n_�t_�e_�x_�t _�c_�o_�n_�t_�e_�x_�t,
30
_�k_�r_�b_�5_�__�p_�r_�i_�n_�c_�i_�p_�a_�l _�p_�r_�i_�n_�c_�i_�p_�a_�l, _�k_�r_�b_�5_�__�d_�a_�t_�a _�*_�p_�a_�s_�s_�w_�o_�r_�d, _�c_�o_�n_�s_�t _�c_�h_�a_�r _�*_�t_�u_�n_�i_�n_�g,
31
_�c_�h_�a_�r _�*_�m_�e_�s_�s_�a_�g_�e, _�s_�i_�z_�e_�__�t _�l_�e_�n_�g_�t_�h);
33
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
34
These functions perform the quality check for the heimdal database
37
There are two versions of the shared object API; the old version (0) is
38
deprecated, but still supported. The new version (1) supports multiple
39
password quality checking policies in the same shared object. See below
42
The password quality checker will run all policies that are configured by
43
the user. If any policy rejects the password, the password will be
46
Policy names are of the form `module-name:policy-name' or, if the the
47
policy name is unique enough, just `policy-name'.
49
I�IM�MP�PL�LE�EM�ME�EN�NT�TI�IN�NG�G A�A P�PA�AS�SS�SW�WO�OR�RD�D Q�QU�UA�AL�LI�IT�TY�Y C�CH�HE�EC�CK�KI�IN�NG�G S�SH�HA�AR�RE�ED�D O�OB�BJ�JE�EC�CT�T
50
(This refers to the version 1 API only.)
52
Module shared objects may conveniently be compiled and linked with
53
libtool(1). An object needs to export a symbol called
54
`kadm5_password_verifier' of the type _�s_�t_�r_�u_�c_�t _�k_�a_�d_�m_�5_�__�p_�w_�__�p_�o_�l_�i_�c_�y_�__�v_�e_�r_�i_�f_�i_�e_�r.
56
Its _�n_�a_�m_�e and _�v_�e_�n_�d_�o_�r fields should contain the obvious information. _�n_�a_�m_�e
57
must match the `module-name' portion of the policy name (the part before
58
the colon), if the policy name contains a colon, or the policy will not
59
be run. _�v_�e_�r_�s_�i_�o_�n should be KADM5_PASSWD_VERSION_V1.
61
_�f_�u_�n_�c_�s contains an array of _�s_�t_�r_�u_�c_�t _�k_�a_�d_�m_�5_�__�p_�w_�__�p_�o_�l_�i_�c_�y_�__�c_�h_�e_�c_�k_�__�f_�u_�n_�c structures
62
that is terminated with an entry whose _�n_�a_�m_�e component is NULL. The _�n_�a_�m_�e
63
field of the array must match the `policy-name' portion of a policy name
64
(the part after the colon, or the complete policy name if there is no
65
colon) specified by the user or the policy will not be run. The _�f_�u_�n_�c
66
fields of the array elements are functions that are exported by the mod-
67
ule to be called to check the password. They get the following argu-
68
ments: the Kerberos context, principal, password, a tuning parameter,
69
and a pointer to a message buffer and its length. The tuning parameter
70
for the quality check function is currently always NULL. If the password
71
is acceptable, the function returns zero. Otherwise it returns non-zero
72
and fills in the message buffer with an appropriate explanation.
74
R�RU�UN�NN�NI�IN�NG�G T�TH�HE�E C�CH�HE�EC�CK�KS�S
75
k�ka�ad�dm�m5�5_�_s�se�et�tu�up�p_�_p�pa�as�ss�sw�wd�d_�_q�qu�ua�al�li�it�ty�y_�_c�ch�he�ec�ck�k sets up type 0 checks. It sets up all
76
type 0 checks defined in krb5.conf(5) if called with the last two argu-
79
k�ka�ad�dm�m5�5_�_a�ad�dd�d_�_p�pa�as�ss�sw�wd�d_�_q�qu�ua�al�li�it�ty�y_�_v�ve�er�ri�if�fi�ie�er�r sets up type 1 checks. It sets up all
80
type 1 tests defined in krb5.conf(5) if called with a null second argu-
81
ment. k�ka�ad�dm�m5�5_�_c�ch�he�ec�ck�k_�_p�pa�as�ss�sw�wo�or�rd�d_�_q�qu�ua�al�li�it�ty�y runs the checks in the order in which
82
they are defined in krb5.conf(5) and the order in which they occur in a
83
module's _�f_�u_�n_�c_�s array until one returns non-zero.
85
S�SE�EE�E A�AL�LS�SO�O
86
libtool(1), krb5(3), krb5.conf(5)
88
HEIMDAL February 29, 2004 HEIMDAL
added
removed
lib/kadm5/kadm5_pwcheck.cat3
