The CrackLib package contains a library used to enforce strong passwords by comparing user-selected passwords to words in chosen word lists.
Download (HTTP): http://downloads.sourceforge.net/cracklib/cracklib-2.8.12.tar.gz
Download (FTP): ftp://ftp.linux.ee/pub/gentoo/distfiles/distfiles/cracklib-2.8.12.tar.gz
Download MD5 sum: 580346fa1012f9d9769192f49d3801fa
Download size: 576 KB
Estimated disk space required: 29 MB
Estimated build time: 0.3 SBU
Recommended word list for English-speaking countries (size: 4.4 MB; md5sum: f8be7949b1bbc044e36039598a7819d9): http://downloads.sourceforge.net/cracklib/cracklib-words-20080203.gz
There are additional word lists available for download, e.g., from http://www.cotse.com/tools/wordlists.htm. CrackLib can utilize as many or as few word lists as you choose to install.
Users tend to base their passwords on regular words of the spoken language, and crackers know that. CrackLib is intended to filter out such bad passwords at the source using a dictionary created from word lists. To accomplish this, the word list(s) for use with CrackLib must be an exhaustive list of words and word-based keystroke combinations likely to be chosen by users of the system as (guessable) passwords.
The default word list recommended above for downloading mostly satisfies this role in English-speaking countries. In other situations, it may be necessary to download (or even create) additional word lists.
Note that word lists suitable for spell-checking are not usable as CrackLib word lists in countries with non-Latin based alphabets, because of “word-based keystroke combinations” that make bad passwords.
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/cracklib
Install CrackLib by running the following commands:
./configure --prefix=/usr \
            --with-default-dict=/lib/cracklib/pw_dict &&
make
Now, as the root user:
make install &&
mv -v /usr/lib/libcrack.so.2* /lib &&
ln -v -sf ../../lib/libcrack.so.2.8.0 /usr/lib/libcrack.so
Issue the following commands as the root user to install the recommended word list and create the CrackLib dictionary. Other word lists (text based, one word per line) can also be used by simply installing them into /usr/share/dict and adding them to the create-cracklib-dict command.
install -v -m644 -D ../cracklib-words-20080203.gz \
    /usr/share/dict/cracklib-words.gz &&
gunzip -v /usr/share/dict/cracklib-words.gz &&
ln -v -s cracklib-words /usr/share/dict/words &&
echo $(hostname) >>/usr/share/dict/cracklib-extra-words &&
install -v -m755 -d /lib/cracklib &&
create-cracklib-dict /usr/share/dict/cracklib-words \
                     /usr/share/dict/cracklib-extra-words
If desired, check the proper operation of the library as an unprivileged user by creating a test data file and running the tests using the following commands:
cat > test-data <<"EOF" &&
antzer
G@ndalf
neulinger
lantzer
Pa$$w0rd
PaS$W0rd
Pas$w0rd
Pas$W0rd
Pa$sw0rd
Pa$sW0rd
EOF
make test
If you are installing CrackLib after your LFS system has been completed and you have the Shadow package installed, you must reinstall Shadow-4.0.18.1 if you wish to provide strong password support on your system. If you are now going to install the Linux-PAM-0.99.10.0 package, you may disregard this note as Shadow will be reinstalled after the Linux-PAM installation.
--with-default-dict=/lib/cracklib/pw_dict: This parameter forces the installation of the CrackLib dictionary to the /lib hierarchy.
mv -v /usr/lib/libcrack.so.2* /lib and ln -v -sf ../../lib/libcrack.so.2.8.0 ...: These two commands move the libcrack.so.2.8.0 library and associated symlink from /usr/lib to /lib, then recreate the /usr/lib/libcrack.so symlink pointing to the relocated file.
install -v -m644 -D ...: This command creates the /usr/share/dict directory (if it doesn't already exist) and installs the compressed word list there.
ln -v -s cracklib-words /usr/share/dict/words: The word list is linked to /usr/share/dict/words as historically, words is the primary word list in the /usr/share/dict directory. Omit this command if you already have a /usr/share/dict/words file installed on your system.
echo $(hostname) >>...: The value of hostname is echoed to a file called cracklib-extra-words. This extra file is intended to be a site-specific list which includes easy-to-guess passwords such as company or department names, users' names, product names, computer names, domain names, etc.
create-cracklib-dict ...: This command creates the CrackLib dictionary from the word lists. Modify the command to add any additional word lists you have installed.
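The site-specific cracklib-extra-words list can hold more than the host name. The following is an added example, not part of the original instructions: a shell function (site_words, a hypothetical name) that derives words from the host name, from login names and GECOS full names in passwd-format input, and from any site terms passed as arguments. The example.org host, the Example-Corp term and the sample accounts are constructed.

```shell
#!/bin/sh
# Added example (not from the BLFS book): build a site-specific word list
# to feed to create-cracklib-dict. site_words is a hypothetical helper name.
#
# Usage: site_words HOSTNAME [SITE_TERM...] < passwd-format-input
# Output: one lower-case word per line, sorted and de-duplicated.
# Assumption: words shorter than 3 characters are dropped as noise.
site_words() {
    fqdn=${1:?host name required}
    shift
    {
        # The host name as given, plus each dot-separated label of it.
        printf '%s\n' "$fqdn"
        printf '%s\n' "$fqdn" | tr '.' '\n'
        # Site terms from the command line (company, product names, ...).
        for w in "$@"; do printf '%s\n' "$w"; done
        # Login name (field 1) and the full name from GECOS (field 5, up
        # to the first comma), split on whitespace into separate words.
        awk -F: '$1 !~ /^#/ {
            print $1
            split($5, gecos, ",")
            n = split(gecos[1], part, /[ \t]+/)
            for (i = 1; i <= n; i++) print part[i]
        }'
    } |
    tr '[:upper:]' '[:lower:]' |
    awk 'length($0) >= 3' |
    LC_ALL=C sort -u
}

# Constructed sample input (not real accounts); prints the derived list.
sample_passwd='root:x:0:0:root:/root:/bin/bash
jdoe:x:1000:1000:Jane Doe,Room 12,555-0100:/home/jdoe:/bin/bash'
printf '%s\n' "$sample_passwd" | site_words build01.example.org Example-Corp

# On a live system, as root and before running create-cracklib-dict:
#   site_words "$(hostname)" Example-Corp < /etc/passwd \
#       >> /usr/share/dict/cracklib-extra-words
```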
Last updated on 2008-08-17 08:22:54 -0500