oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

document kadm5_add_passwd_quality_verifier, improve text

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15235 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-05-25 12:35:11 +00:00
parent b612b2b0c8
commit c38273f051
1 changed files with 62 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
lib/kadm5/kadm5_pwcheck.3
View File

@@ -37,6 +37,7 @@
.Sh NAME .Sh NAME
.Nm krb5_pwcheck , .Nm krb5_pwcheck ,
.Nm kadm5_setup_passwd_quality_check , .Nm kadm5_setup_passwd_quality_check ,
.Nm kadm5_add_passwd_quality_verifier ,
.Nm kadm5_check_password_quality .Nm kadm5_check_password_quality
.Nd Heimdal warning and error functions .Nd Heimdal warning and error functions
.Sh LIBRARY .Sh LIBRARY
@@ -50,60 +51,96 @@ Kerberos 5 Library (libkadm5srv, -lkadm5srv)
.Fa "const char *check_library" .Fa "const char *check_library"
.Fa "const char *check_function" .Fa "const char *check_function"
.Fc .Fc
.Ft "krb5_error_code"
.Fo kadm5_add_passwd_quality_verifier
.Fa "krb5_context context"
.Fa "const char *check_library"
.Fc
.Ft "const char *" .Ft "const char *"
.Fo kadm5_check_password_quality .Fo kadm5_check_password_quality
.Fa "krb5_context context" .Fa "krb5_context context"
.Fa "krb5_principal principal" .Fa "krb5_principal principal"
.Fa "krb5_data *pwd_data" .Fa "krb5_data *pwd_data"
.Fc .Fc
.Ft "krb5_error_code" .Ft int
.Fo kadm5_verify_password_quality .Fo (*kadm5_passwd_quality_check_func)
.Fa "krb5_context context" .Fa "krb5_context context"
.Fa "krb5_principal principal" .Fa "krb5_principal principal"
.Fa "krb5_data *pwd_data" .Fa "krb5_data *password"
.Fa "const char *tuning"
.Fa "char *message"
.Fa "size_t length"
.Fc .Fc
.Sh DESCRIPTION .Sh DESCRIPTION
These functions preforms that quality check for the heimdal database These functions perform the quality check for the heimdal database
library. library.
.Pp .Pp
Two versions of the shared object API, old version (0) deprecated, but There are two versions of the shared object API; the old version (0)
supported still supported. New version (1) support multiple password is deprecated, but still supported. The new version (1) supports
quality checking modules in the same shared object. multiple password quality checking modules in the same shared object.
See below for details.
.Pp .Pp
In case a password doesn't pass the password quality check, the The password quality checker will run over all tests that are
.Fn kadm5_verify_password_quality
returns a more version description of the error in the krb5_context,
you can get the error with
.Fn krb5_get_error_string .
.Pp
The password quality checker will run over all tests that is
configured by the user. configured by the user.
.Pp .Pp
Modules names are on the form Module names are of the form
.Ql vendor:test-name , .Ql vendor:test-name
or if the the test name is unique enough, just or, if the the test name is unique enough, just
.Ql test-name . .Ql test-name .
.Sh IMPLEMENTING A PASSWORD QUALITY CHECKING SHARED OBJECT .Sh IMPLEMENTING A PASSWORD QUALITY CHECKING SHARED OBJECT
The object needs to provide a entry point called (This refers to the version 1 API only.)
.Pp
Module shared objects may conveniently be compiled and linked with
.Xr libtool 1 .
An object needs to export a symbol called
.Ql kadm5_password_verifier .Ql kadm5_password_verifier
of the type of the type
.Ft "struct kadm5_pw_policy_verifier" . .Ft "struct kadm5_pw_policy_verifier" .
.Pp .Pp
Its
.Ft name .Ft name
and and
.Ft vendor .Ft vendor
is filled in with the obvious information and fields should be contain the obvious information and
.Ft version .Ft version
is set to should be
.Dv KADM5_PASSWD_VERSION_V1 . .Dv KADM5_PASSWD_VERSION_V1 .
The .Ft funcs
.Ft type contains an array of
contains a array of
.Ft "struct kadm5_pw_policy_check_func" .Ft "struct kadm5_pw_policy_check_func"
structures that is terminated with a entry where the structures that is terminated with an entry whose
.Ft name .Ft name
component is component is
.Dv NULL . .Dv NULL .
The
.Ft func
Fields of the array elements are functions that are exported by the
module to be called to check the password. They get the following
arguments: the Kerberos context, principal, password, a tuning parameter, and
a pointer to a message buffer and its length. The tuning parameter
for the quality check function is currently always
.Dv NULL .
If the password is acceptable, the function returns zero. Otherwise
it returns non-zero and fills in the message buffer with an
appropriate explanation.
.Sh RUNNING THE CHECKS
.Nm kadm5_setup_passwd_quality_check
sets up type 0 checks. It sets up all type 0 checks defined in
.Xr krb5.conf 5
if called with the last two arguments null.
.Pp
.Nm kadm5_add_passwd_quality_verifier
sets up type 1 checks. It sets up all type 1 tests defined in
.Xr krb5.conf 5
if called with a null second argument.
.Nm kadm5_check_password_quality
runs the checks in the order in which they are defined in
.Xr krb5.conf 5
and the order in which they occur in a
module's
.Ft funcs
array until one returns non-zero.
.Sh SEE ALSO .Sh SEE ALSO
.Xr krb5 3 , .Xr krb5 3 ,
.Xr krb5_get_error_string 3 .Xr krb5.conf 5 ,
.Xr libtool 1 .