KADM5_PWCHECK(3)	    Library Functions Manual	      KADM5_PWCHECK(3)

NAME
       krb5_pwcheck, kadm5_setup_passwd_quality_check,
       kadm5_add_passwd_quality_verifier, kadm5_check_password_quality --
       Heimdal warning and error functions

LIBRARY
       Kerberos 5 Library (libkadm5srv, -lkadm5srv)

SYNOPSIS
       #include <kadm5-protos.h>
       #include <kadm5-pwcheck.h>

       void
       kadm5_setup_passwd_quality_check(krb5_context context,
           const char *check_library, const char *check_function);

       krb5_error_code
       kadm5_add_passwd_quality_verifier(krb5_context context,
           const char *check_library);

       const char *
       kadm5_check_password_quality(krb5_context context,
           krb5_principal principal, krb5_data *pwd_data);

       int
       (*kadm5_passwd_quality_check_func)(krb5_context context,
           krb5_principal principal, krb5_data *password, const char *tuning,
           char *message, size_t length);

DESCRIPTION
       These functions perform the quality check for the Heimdal database
       library.

       There are two versions of the shared object API; the old version (0) is
       deprecated, but still supported.  The new version (1) supports multiple
       password quality checking policies in the same shared object.  See
       below for details.

       The password quality checker will run all policies that are configured
       by the user.  If any policy rejects the password, the password will be
       rejected.

       Policy names are of the form `module-name:policy-name' or, if the
       policy name is unique enough, just `policy-name'.

IMPLEMENTING A PASSWORD QUALITY CHECKING SHARED OBJECT
       (This refers to the version 1 API only.)

       Module shared objects may conveniently be compiled and linked with
       libtool(1).  An object needs to export a symbol called
       `kadm5_password_verifier' of the type struct kadm5_pw_policy_verifier.

       Its name and vendor fields should contain the obvious information.
       name must match the `module-name' portion of the policy name (the part
       before the colon), if the policy name contains a colon, or the policy
       will not be run.  version should be KADM5_PASSWD_VERSION_V1.

       funcs contains an array of struct kadm5_pw_policy_check_func structures
       that is terminated with an entry whose name component is NULL.  The
       name field of the array must match the `policy-name' portion of a
       policy name (the part after the colon, or the complete policy name if
       there is no colon) specified by the user or the policy will not be run.
       The func fields of the array elements are functions that are exported
       by the module to be called to check the password.  They get the
       following arguments: the Kerberos context, principal, password, a
       tuning parameter, and a pointer to a message buffer and its length.
       The tuning parameter for the quality check function is currently always
       NULL.  If the password is acceptable, the function returns zero.
       Otherwise it returns non-zero and fills in the message buffer with an
       appropriate explanation.
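
       A minimal version 1 module of the kind described above, added here as
       an example; it is not Heimdal's own code.  The module name `example',
       the policy `min-classes', its thresholds, and the stand-in type
       declarations (including struct field order) are assumptions that let
       the file compile without the Heimdal headers.

```c
#include <ctype.h>
#include <stdio.h>
/* Stand-ins (assumed layout) so the file compiles alone; a real module
 * includes the headers from the SYNOPSIS instead of this section. */
typedef struct krb5_context_data *krb5_context;
typedef struct Principal *krb5_principal;
typedef struct { size_t length; void *data; } krb5_data;
#define KADM5_PASSWD_VERSION_V1 1
typedef int (*kadm5_passwd_quality_check_func)(krb5_context, krb5_principal,
    krb5_data *, const char *, char *, size_t);
struct kadm5_pw_policy_check_func {
    const char *name; kadm5_passwd_quality_check_func func;
};
struct kadm5_pw_policy_verifier {
    const char *name, *vendor; int version;
    const struct kadm5_pw_policy_check_func *funcs;
};

/* Hypothetical policy: at least 10 bytes and 3 of 4 character classes. */
static int
min_classes(krb5_context ctx, krb5_principal princ, krb5_data *pw,
    const char *tuning, char *msg, size_t len)
{
    const unsigned char *p = pw->data;  /* length-counted, not a C string */
    int lower = 0, upper = 0, digit = 0, other = 0;
    size_t i;
    (void)ctx; (void)princ; (void)tuning;  /* tuning is currently NULL */
    for (i = 0; i < pw->length; i++) {
        if (islower(p[i])) lower = 1;
        else if (isupper(p[i])) upper = 1;
        else if (isdigit(p[i])) digit = 1;
        else other = 1;
    }
    if (pw->length < 10 || lower + upper + digit + other < 3) {
        snprintf(msg, len, "need 10+ bytes from 3+ character classes");
        return 1;                       /* non-zero rejects the password */
    }
    return 0;                           /* zero accepts it */
}

static const struct kadm5_pw_policy_check_func example_funcs[] = {
    { "min-classes", min_classes },
    { NULL, NULL }                      /* NULL name terminates the array */
};
/* Exported symbol; the policy is configured as `example:min-classes'. */
struct kadm5_pw_policy_verifier kadm5_password_verifier = {
    .name = "example", .vendor = "constructed example",
    .version = KADM5_PASSWD_VERSION_V1, .funcs = example_funcs
};
```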

RUNNING THE CHECKS
       kadm5_setup_passwd_quality_check sets up type 0 checks.  It sets up all
       type 0 checks defined in krb5.conf(5) if called with the last two
       arguments null.

       kadm5_add_passwd_quality_verifier sets up type 1 checks.  It sets up
       all type 1 tests defined in krb5.conf(5) if called with a null second
       argument.  kadm5_check_password_quality runs the checks in the order in
       which they are defined in krb5.conf(5) and the order in which they
       occur in a module's funcs array until one returns non-zero.

SEE ALSO
       libtool(1), krb5(3), krb5.conf(5)

HEIMDAL			       February	29, 2004	      KADM5_PWCHECK(3)
