
Re: failed to find password verifier function




jay alvarez <kerber0sb0y@yahoo.com> writes:

> Hi,
>
> I'm having a hard time understanding how the
> password_policy syntax must be written. I hope you
> could help me.
>
> In the documentation(0.7.2):
> _____________________________________
> "To configure in these controls, add lines similar to
> the following to your `/etc/krb5.conf':"
>
> [password_quality]
>    policies = external-check builtin:minimum-length   
>      module:policyname
>    external_program = /bin/false
>    policy_libraries = LIBRARY1.SO LIBRARY2.SO
> __________________________________________
>
> It's kind of confusing to me, especially the first line
> (policies = ...), lots of confusing keywords
> ("builtin", "module", "policyname") yet very little
> explanation. I'm guessing that I would put here the
> list of policies I want to implement so for
> [password_quality]policies, I put:
>
> policies =
> external-check:minimum-length:character-class
>
> Are these correct, or should it be,
> "external_program", "min_length", "min_classes"???

The policies are space separated. Each policy entry has this format:
[module:]test. The module is defined in one of the
[kadmin]policy_libraries; one policy library can contain several modules.

There is the special builtin policy module; it contains the external-check,
character-class, and minimum-length policies.

I guess your [kadmin] section should look like this:

[kadmin]
        policies = builtin:external-check
        policies = builtin:character-class
        policies = builtin:minimum-length

        external_program = /usr/local/heimdal/bin/check-cracklib.pl
        min_length = 10
        min_classes = 4


> google brought me here:
> http://www.stacken.kth.se/lists/heimdal-discuss/2005-06/msg00102.html
>
> .. but I'm not sure what it does (seems like a patch
> to krb5.conf manual...)
>
> What's more confusing is how will I ever make the
> cracklib to work with this external program such as
> that of check-cracklib.pl... The documentation says
> that in order to use the sample library provided in
> the source (sample_password_check.c) as well as the
> example policy external program(check_cracklib.pl),
> they require cracklib library built with the
> cracklib.patch found in ftp.pdc.. The box is running
> FreeBSD6.1, cracklib2.7 is installable via ports
> however, I'm not really sure how to patch the cracklib
> source.. if I manually patch and build and  install
> the cracklib2.7, no crack.h or packer.h(required by
> check-cracklib.pl) gets installed (only the 3 files
> pw_dict.hwm    pw_dict.pwd pw_dict.pwi) unlike when
> installing via ports system.

The problem with unpatched cracklib is that it tries to do a getpwent on the
username to get the real name of the user, and when this fails, it fails
too.

> Now, on my new installation heimdal0.7.2, it says:
> kadmin: kadm5_check_password_quality: failed to find
> password verifier function

This means that your policy name
(external-check:minimum-length:character-class) is not found.

Love
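
Added example (not part of the original message and not Heimdal code): a small linter for the `policies` value that applies the space-separated `[module:]test` format described in the reply and shows why the colon-joined value from the question resolves to no verifier. The `KNOWN` table, the first-colon split, and the lookup of unprefixed tests in every module are assumptions of this sketch.

```python
# Added example: lint the value of "policies" before kadmin trips over it.
# Assumptions: only the builtin module and the three tests named in the reply
# are known; an entry is split at its first colon; an entry without a module
# prefix is looked up in every known module.
KNOWN = {"builtin": {"external-check", "character-class", "minimum-length"}}

def collect_policies(conf_text):
    """Join the values of every 'policies =' line into one string."""
    values = []
    for line in conf_text.splitlines():
        key, sep, val = line.partition("=")
        if sep and key.strip() == "policies":
            values.append(val.strip())
    return " ".join(values)

def parse_entry(entry):
    """Split one [module:]test entry into (module or None, test)."""
    module, sep, test = entry.partition(":")
    return (module, test) if sep else (None, entry)

def lint_policies(value, modules=KNOWN):
    """Return (entry, problem) pairs for entries that match no verifier."""
    problems = []
    for entry in value.split():          # entries are space separated
        module, test = parse_entry(entry)
        if module == "" or test == "":
            problems.append((entry, "empty module or test name"))
        elif module is None:
            if not any(test in tests for tests in modules.values()):
                problems.append((entry, "test not found in any module"))
        elif module not in modules:
            problems.append((entry, f"unknown module {module!r}"))
        elif test not in modules[module]:
            problems.append((entry, f"module {module!r} has no test {test!r}"))
    return problems

# Constructed inputs: the value from the question and the config from the reply.
QUESTION = "external-check:minimum-length:character-class"
REPLY = """[kadmin]
        policies = builtin:external-check
        policies = builtin:character-class
        policies = builtin:minimum-length
"""

if __name__ == "__main__":
    for value in (QUESTION, collect_policies(REPLY)):
        print(value, "->", lint_policies(value) or "ok")
```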
