File Manager

003 File Manager

Current Path: /usr/src/crypto/heimdal/lib/kadm5

usr / src / crypto / heimdal / lib / kadm5 /

📁 ..
📄 ChangeLog(38.93 KB)
📄 Makefile.am(4.54 KB)
📄 Makefile.in(52.12 KB)
📄 acl.c(5.6 KB)
📄 ad.c(32.74 KB)
📄 admin.h(7.96 KB)
📄 bump_pw_expire.c(2.05 KB)
📄 check-cracklib.pl(2.79 KB)
📄 chpass_c.c(3.88 KB)
📄 chpass_s.c(5.58 KB)
📄 client_glue.c(4.39 KB)
📄 common_glue.c(3.82 KB)
📄 context_s.c(5.49 KB)
📄 create_c.c(2.76 KB)
📄 create_s.c(5.7 KB)
📄 default_keys.c(3.34 KB)
📄 delete_c.c(2.63 KB)
📄 delete_s.c(2.67 KB)
📄 destroy_c.c(2.11 KB)
📄 destroy_s.c(2.6 KB)
📄 ent_setup.c(6.71 KB)
📄 error.c(1.82 KB)
📄 flush.c(1.77 KB)
📄 flush_c.c(1.68 KB)
📄 flush_s.c(1.68 KB)
📄 free.c(2.93 KB)
📄 get_c.c(2.79 KB)
📄 get_princs_c.c(2.87 KB)
📄 get_princs_s.c(3.42 KB)
📄 get_s.c(9.63 KB)
📄 init_c.c(18.89 KB)
📄 init_s.c(6.66 KB)
📄 iprop-commands.in(3.28 KB)
📄 iprop-log.8(3.79 KB)
📄 iprop-log.c(12.01 KB)
📄 iprop.8(5.43 KB)
📄 iprop.h(2.17 KB)
📄 ipropd_common.c(2.21 KB)
📄 ipropd_master.c(26.06 KB)
📄 ipropd_slave.c(20.02 KB)
📄 kadm5-private.h(10.7 KB)
📄 kadm5-protos.h(5.09 KB)
📄 kadm5-pwcheck.h(2.48 KB)
📄 kadm5_err.et(3.43 KB)
📄 kadm5_locl.h(2.43 KB)
📄 kadm5_pwcheck.3(5.21 KB)
📄 keys.c(3.03 KB)
📄 log.c(24.91 KB)
📄 marshall.c(9.05 KB)
📄 modify_c.c(2.69 KB)
📄 modify_s.c(3.28 KB)
📄 password_quality.c(12.52 KB)
📄 private.h(4.47 KB)
📄 privs_c.c(2.66 KB)
📄 privs_s.c(1.81 KB)
📄 randkey_c.c(2.95 KB)
📄 randkey_s.c(3.29 KB)
📄 rename_c.c(2.57 KB)
📄 rename_s.c(3.64 KB)
📄 sample_passwd_check.c(2.94 KB)
📄 send_recv.c(3.14 KB)
📄 server_glue.c(4.39 KB)
📄 set_keys.c(6.81 KB)
📄 set_modifier.c(2.08 KB)
📄 test_pw_quality.c(3.08 KB)
📄 version-script.map(1.55 KB)

Editing: check-cracklib.pl

#!/usr/pkg/bin/perl
#
# Sample password verifier for Heimdals external password
# verifier, see the chapter "Password changing" in the the info
# documentation for more information about the protocol used.
#
# Three checks
#  1. Check that password is not the principal name
#  2. Check that the password passes cracklib
#  3. Check that password isn't repeated for this principal
#
# The repeat check must be last because some clients ask
# twice when getting "no" back and thus the error message
# would be wrong.
#
# Prereqs (example versions): 
#
# * perl (5.8.5) http://www.perl.org/
# * cracklib (2.8.5) http://sourceforge.net/projects/cracklib
# * Crypt-Cracklib perlmodule (0.01) http://search.cpan.org/~daniel/
#
# Sample dictionaries:
#     cracklib-words (1.1) http://sourceforge.net/projects/cracklib
#     miscfiles (1.4.2) http://directory.fsf.org/miscfiles.html
#
# Configuration for krb5.conf or kdc.conf
#
#   [password_quality]
#     	policies = builtin:external-check
#     	external_program = <your-path>/check-cracklib.pl
#
# $Id$

use strict;
use Crypt::Cracklib;
use Digest::MD5;

# NEED TO CHANGE THESE TO MATCH YOUR SYSTEM
my $database = '/usr/lib/cracklib_dict';
my $historydb = '/var/heimdal/historydb';
# NEED TO CHANGE THESE TO MATCH YOUR SYSTEM

# seconds password reuse allowed (to catch retries from clients)
my $reusetime = 60;

my %params;

sub check_basic
{
    my $principal = shift;
    my $passwd = shift;

if ($principal eq $passwd) {
	return "Principal name as password is not allowed";
    }
    return "ok";
}

sub check_repeat
{
    my $principal = shift;
    my $passwd = shift;
    my $result  = 'Do not reuse passwords';
    my %DB;
    my $md5context = new Digest::MD5;
    my $timenow = scalar(time());

$md5context->reset();
    $md5context->add($principal, ":", $passwd);

my $key=$md5context->hexdigest();

dbmopen(%DB,$historydb,0600) or die "Internal: Could not open $historydb";
    if (!$DB{$key} || ($timenow - $DB{$key} < $reusetime)) { 
	$result = "ok";
	$DB{$key}=$timenow;
    }
    dbmclose(%DB) or die "Internal: Could not close $historydb";
    return $result;
}

sub badpassword
{
    my $reason = shift;
    print "$reason\n";
    exit 0
}

while (<STDIN>) {
    last if /^end$/;
    if (!/^([^:]+): (.+)$/) {
	die "key value pair not correct: $_";
    }
    $params{$1} = $2;
}

die "missing principal" if (!defined $params{'principal'});
die "missing password" if (!defined $params{'new-password'});

my $reason;

$reason = check_basic($params{'principal'}, $params{'new-password'});
badpassword($reason) if ($reason ne "ok");

$reason = fascist_check($params{'new-password'}, $database);
badpassword($reason) if ($reason ne "ok");

$reason = check_repeat($params{'principal'}, $params{'new-password'});
badpassword($reason) if ($reason ne "ok");

print "APPROVED\n";
exit 0

003 File Manager

Editing: check-cracklib.pl

Upload File

Create Folder