KADM5_PWCHECK(3) BSD Library Functions Manual KADM5_PWCHECK(3)

krb5_pwcheck, kadm5_setup_passwd_quality_check,
kadm5_add_passwd_quality_verifier, kadm5_check_password_quality --
Heimdal warning and error functions

Kerberos 5 Library (libkadm5srv, -lkadm5srv)

#include <kadm5-protos.h>
#include <kadm5-pwcheck.h>

kadm5_setup_passwd_quality_check(krb5_context context,
    const char *check_library, const char *check_function);

krb5_error_code
kadm5_add_passwd_quality_verifier(krb5_context context,
    const char *check_library);

const char *
kadm5_check_password_quality(krb5_context context,
    krb5_principal principal, krb5_data *pwd_data);

(*kadm5_passwd_quality_check_func)(krb5_context context,
    krb5_principal principal, krb5_data *password, const char *tuning,
    char *message, size_t length);

DESCRIPTION
These functions perform the quality check for the heimdal database

There are two versions of the shared object API; the old version (0) is
deprecated, but still supported. The new version (1) supports multiple
password quality checking policies in the same shared object. See below

The password quality checker will run all policies that are configured by
the user. If any policy rejects the password, the password will be

Policy names are of the form `module-name:policy-name' or, if the
policy name is unique enough, just `policy-name'.

IMPLEMENTING A PASSWORD QUALITY CHECKING SHARED OBJECT
(This refers to the version 1 API only.)

Module shared objects may conveniently be compiled and linked with
libtool(1). An object needs to export a symbol called
`kadm5_password_verifier' of the type struct kadm5_pw_policy_verifier.

Its name and vendor fields should contain the obvious information. name
must match the `module-name' portion of the policy name (the part before
the colon), if the policy name contains a colon, or the policy will not
be run. version should be KADM5_PASSWD_VERSION_V1.

funcs contains an array of struct kadm5_pw_policy_check_func structures
that is terminated with an entry whose name component is NULL. The name
field of the array must match the `policy-name' portion of a policy name
(the part after the colon, or the complete policy name if there is no
colon) specified by the user or the policy will not be run. The func
fields of the array elements are functions that are exported by the
module to be called to check the password. They get the following
arguments: the Kerberos context, principal, password, a tuning parameter,
and a pointer to a message buffer and its length. The tuning parameter
for the quality check function is currently always NULL. If the password
is acceptable, the function returns zero. Otherwise it returns non-zero
and fills in the message buffer with an appropriate explanation.
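
The following module skeleton is an added example, not part of the
original manual page or of Heimdal. It exports `kadm5_password_verifier'
with one policy, selectable as `example:min-classes' or `min-classes'.
The module name, vendor string, policy and its thresholds are
hypothetical, and the type declarations are stand-ins assumed to mirror
<kadm5-pwcheck.h> so that the file compiles without Heimdal installed.

```c
/* Added example. Stand-in declarations so this compiles without Heimdal;
 * a real module includes <krb5.h> and <kadm5-pwcheck.h> instead (the struct
 * layouts below are assumed to mirror that header). */
#include <ctype.h>
#include <stdio.h>
typedef struct standin_ctx *krb5_context;
typedef struct standin_princ *krb5_principal;
typedef struct { size_t length; void *data; } krb5_data;
typedef int (*kadm5_passwd_quality_check_func)(krb5_context, krb5_principal,
    krb5_data *, const char *, char *, size_t);
struct kadm5_pw_policy_check_func {
    const char *name; kadm5_passwd_quality_check_func func;
};
struct kadm5_pw_policy_verifier {
    const char *name; int version; const char *vendor;
    const struct kadm5_pw_policy_check_func *funcs;
};
#define KADM5_PASSWD_VERSION_V1 1

/* Policy "min-classes" (hypothetical): >= 12 bytes, >= 3 character classes.
 * The password is length-delimited; never treat it as a C string. */
static int
min_classes(krb5_context context, krb5_principal principal,
    krb5_data *password, const char *tuning, char *message, size_t length)
{
    const unsigned char *p = password->data;
    int lower = 0, upper = 0, digit = 0, other = 0;
    size_t i;
    (void)context; (void)principal; (void)tuning; /* tuning is NULL today */
    for (i = 0; i < password->length; i++) {
        if (islower(p[i])) lower = 1;
        else if (isupper(p[i])) upper = 1;
        else if (isdigit(p[i])) digit = 1;
        else other = 1;
    }
    if (password->length < 12 || lower + upper + digit + other < 3) {
        /* snprintf truncates to the caller's buffer and NUL-terminates */
        snprintf(message, length, "need 12+ bytes from 3+ character classes");
        return 1;
    }
    return 0;
}
static const struct kadm5_pw_policy_check_func funcs[] = {
    { "min-classes", min_classes },
    { NULL, NULL } /* terminator: entry whose name is NULL */
};
struct kadm5_pw_policy_verifier kadm5_password_verifier = {
    .name = "example", .version = KADM5_PASSWD_VERSION_V1,
    .vendor = "Example vendor", .funcs = funcs };
```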

RUNNING THE CHECKS
kadm5_setup_passwd_quality_check sets up type 0 checks. It sets up all
type 0 checks defined in krb5.conf(5) if called with the last two argu-

kadm5_add_passwd_quality_verifier sets up type 1 checks. It sets up all
type 1 tests defined in krb5.conf(5) if called with a null second
argument. kadm5_check_password_quality runs the checks in the order in
which they are defined in krb5.conf(5) and the order in which they occur
in a module's funcs array until one returns non-zero.

libtool(1), krb5(3), krb5.conf(5)

HEIMDAL February 29, 2004 HEIMDAL