KADM5_PWCHECK(3)    BSD Library Functions Manual    KADM5_PWCHECK(3)

NAME
     krb5_pwcheck, kadm5_setup_passwd_quality_check,
     kadm5_add_passwd_quality_verifier, kadm5_check_password_quality
     — Heimdal warning and error functions

LIBRARY
     Kerberos 5 Library (libkadm5srv, -lkadm5srv)

SYNOPSIS
     #include <kadm5-protos.h>
     #include <kadm5-pwcheck.h>

     kadm5_setup_passwd_quality_check(krb5_context context,
         const char *check_library, const char *check_function);

     kadm5_add_passwd_quality_verifier(krb5_context context,
         const char *check_library);

     const char *
     kadm5_check_password_quality(krb5_context context,
         krb5_principal principal, krb5_data *pwd_data);

     (*kadm5_passwd_quality_check_func)(krb5_context context,
         krb5_principal principal, krb5_data *password,
         const char *tuning, char *message, size_t length);

DESCRIPTION
     These functions perform the quality check for the heimdal
     database library.

     There are two versions of the shared object API; the old
     version (0) is deprecated, but still supported.  The new version
     (1) supports multiple password quality checking policies in the
     same shared object.  See below for details.

     The password quality checker will run all policies that are
     configured by the user.  If any policy rejects the password,
     the password will be rejected.

     Policy names are of the form ‘module-name:policy-name’ or, if
     the policy name is unique enough, just ‘policy-name’.

     (This refers to the version 1 API only.)

     Module shared objects may conveniently be compiled and linked
     with libtool(1).  An object needs to export a symbol called
     ‘kadm5_password_verifier’ of the type struct

     Its name and vendor fields should contain the obvious
     information.  name must match the ‘module-name’ portion of the
     policy name (the part before the colon), if the policy name
     contains a colon, or the policy will not be run.  version should be

     funcs contains an array of struct kadm5_pw_policy_check_func
     structures that is terminated with an entry whose name
     component is NULL.  The name field of an array element must match
     the ‘policy-name’ portion of a policy name (the part after the
     colon, or the complete policy name if there is no colon)
     specified by the user, or the policy will not be run.  The func
     fields of the array elements are functions that are exported by
     the module to be called to check the password.  They get the
     following arguments: the Kerberos context, principal, password,
     a tuning parameter, and a pointer to a message buffer and its
     length.  The tuning parameter for the quality check function
     is currently always NULL.  If the password is acceptable,
     the function returns zero.  Otherwise it returns non-zero and
     fills in the message buffer with an appropriate explanation.

     kadm5_setup_passwd_quality_check sets up type 0 checks.  It
     sets up all type 0 checks defined in krb5.conf(5) if called
     with the last two arguments null.

     kadm5_add_passwd_quality_verifier sets up type 1 checks.  It
     sets up all type 1 tests defined in krb5.conf(5) if called with
     a null second argument.  kadm5_check_password_quality runs the
     checks in the order in which they are defined in krb5.conf(5)
     and the order in which they occur in a module's funcs array
     until one returns non-zero.
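
The name-matching and ordering rules described above, as an added example that is not part of the original manual page or of Heimdal's code. The types `check_fn`, `struct policy` and `struct module`, the module name `example`, the two policy names and the function `run_policies` are hypothetical stand-ins; a real module uses the declarations from `<kadm5-pwcheck.h>`.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in types for this sketch only; a real module uses <kadm5-pwcheck.h>.
   The password is length-delimited (as in krb5_data), not NUL-terminated. */
typedef int (*check_fn)(const char *princ, const char *pw, size_t len,
                        const char *tuning, char *msg, size_t msglen);
struct policy { const char *name; check_fn func; };
struct module { const char *name; const struct policy *funcs; };

static int min_length(const char *princ, const char *pw, size_t len,
                      const char *tuning, char *msg, size_t msglen) {
    (void)princ; (void)pw; (void)tuning;
    if (len >= 8) return 0;
    snprintf(msg, msglen, "password shorter than 8 bytes");
    return 1;
}
static int not_principal(const char *princ, const char *pw, size_t len,
                         const char *tuning, char *msg, size_t msglen) {
    size_t n = strlen(princ), i = 0;
    (void)tuning;
    while (n && i + n <= len && memcmp(pw + i, princ, n) != 0) i++;
    if (n == 0 || i + n > len) return 0;      /* no occurrence found */
    snprintf(msg, msglen, "password contains principal name");
    return 1;
}
static const struct policy funcs[] = {   /* array ends at name == NULL */
    { "min-length", min_length }, { "not-principal", not_principal }, { NULL, NULL }
};
static const struct module example_mod = { "example", funcs };

/* Run configured policies in order, stopping at the first rejection. "mod:pol"
   runs only when mod equals the module name; a mismatch is skipped silently. */
int run_policies(const struct module *m, const char *const *cfg, const char *princ,
                 const char *pw, size_t len, char *msg, size_t msglen) {
    for (; *cfg; cfg++) {
        const char *pol = *cfg, *colon = strchr(pol, ':');
        size_t n = colon ? (size_t)(colon - pol) : 0;
        if (colon && (strlen(m->name) != n || memcmp(m->name, pol, n) != 0))
            continue;
        if (colon) pol = colon + 1;
        for (const struct policy *p = m->funcs; p->name; p++)
            if (strcmp(p->name, pol) == 0) {
                int r = p->func(princ, pw, len, NULL, msg, msglen);
                if (r) return r;
            }
    }
    return 0;
}
```

Because a policy whose module-name or policy-name does not match is skipped rather than reported, a typo in the configured name leaves that check disabled; confirm each configured policy runs by testing a password it should reject.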

SEE ALSO
     libtool(1), krb5(3), krb5.conf(5)

HEIMDAL                   February 29, 2004                  HEIMDAL