Well that is exactly what I did, grabed the patch, and slurped out the server_dict.c section, patched and compiled it with #define KADM5_USE_CRACKLIB 1, but when I try to change a password with kadmin or kpasswd it kills the kadmind server. I am using a redhat 7.3 cracklib rpm, so maybe I should get the source for craklib or something. It does not make sense as it works fine with the default server_dict, but not with the cracklib patch, yet the calls to cracklib seem quite simple and straight forward.
Now that I know it works for everyone else, I think I will start with a fresh rebuild of the krb5 and cracklib, as I am the only one to have this problem. Although I might just have to debug it to see what the hell is going on with my build that is not with everyone else's. I will let you know what if I decide to find out whats up. Thanks all for you input. Jason [EMAIL PROTECTED] (Raymond M Schneider) wrote in message news:<[EMAIL PROTECTED]>... > just some more info on this... i just grabbed the Kens monsterpatch, > stripped out everything except for the server_dict.c diff, and applied it > to server_dict.c from the latest MIT (that I just grabbed a moment ago). > > Every hunk applied successfully. After applying the patch, if you dont mind > having the use of cracklib forced all the time, then just set > > #define KADM5_USE_CRACKLIB 1 > > somewhere in the file before it is used, and whalla...done. this is > essentially what i have done in the past, and at least this part of the > monster patch applies cleanly. > > below ive included the stripped out bits from the monster patch for you: > > have fun. > > -ray > > Index: lib/kadm5/srv/server_dict.c > diff -c krb5/lib/kadm5/srv/server_dict.c:1.1.1.2 krb5/lib/kadm5/srv/server_dict. > c:1.5 > *** krb5/lib/kadm5/srv/server_dict.c:1.1.1.2 Mon Nov 3 16:35:35 1997 > --- krb5/lib/kadm5/srv/server_dict.c Thu Dec 4 12:23:30 1997 > *************** > *** 17,29 **** > --- 17,39 ---- > #include <stdlib.h> > #include <stdio.h> > #include <string.h> > + #ifdef HAVE_MEMORY_H > #include <memory.h> > + #endif > #include <syslog.h> > #include "server_internal.h" > > + #ifndef KADM5_USE_CRACKLIB > static char **word_list = NULL; /* list of word pointers */ > static char *word_block = NULL; /* actual word data */ > static int word_count = 0; /* number of words */ > + > + #else /* KADM5_USE_CRACKLIB */ > + static char *dict_path = NULL; > + extern char *FascistCheck(); > + > + #endif /* KADM5_USE_CRACKLIB */ > + > extern int errno; > > /* > *************** > *** 47,52 **** > --- 57,63 ---- > return (strcasecmp(*(char **)s1, *(char **)s2)); > } > > + #ifndef KADM5_USE_CRACKLIB > /* > * Function: init-dict > * > *************** > *** 196,198 **** > --- 207,287 ---- > word_count = 0; > return; > } > + > + #else /* KADM5_USE_CRACKLIB */ > + > + /* > + * Get dictionary file path from params, check it and store for later > + * use by find_word(). > + */ > + int init_dict(kadm5_config_params *params) > + { > + struct stat st; > + char *dict_file; > + > + > + if (dict_path) /* Already been initialized */ > + return KADM5_OK; > + > + if (! (params->mask & KADM5_CONFIG_DICT_FILE)) { > + syslog(LOG_INFO, "No dictionary file specified, continuing " > + "without one."); > + return KADM5_OK; > + } > + > + /* > + * Check for one of the cracklib dictionary files. We'll > + * assume that if it's there, then the other two are. > + * > + * Note that for cracklib the path specified is just the > + * prefix filename. The actual files will be the path > + * plus an appened ".hwm", ".pwd", and ".pwi". > + */ > + > + dict_file = malloc(strlen(params->dict_file) + 5); > + > + if (dict_file == NULL) { > + syslog(LOG_ERR, "malloc() failed."); > + return errno; > + } > + > + strcpy(dict_file, params->dict_file); > + strcat(dict_file, ".hwm"); > + > + if (stat(dict_file, &st) == 0) { > + dict_path = params->dict_file; > + syslog(LOG_INFO, "Using cracklib dictionary with prefix %s", dict_path); > + } else { > + syslog(LOG_ERR, "WARNING! Cannot find cracklib dictionary file %s, " > + "continuing without one.", dict_file); > + } > + > + free(dict_file); > + return KADM5_OK; > + } > + > + int > + find_word(const char *word) > + { > + char *msg; > + > + > + if (dict_path == NULL) > + return WORD_NOT_FOUND; > + > + if (msg = FascistCheck(word, dict_path)) { > + syslog(LOG_INFO, "cracklib rejected new change: %s", msg); > + return KADM5_OK; > + } else { > + return WORD_NOT_FOUND; > + } > + } > + > + void > + destroy_dict(void) > + { > + dict_path = NULL; > + return; > + } > + > + #endif /* KADM5_USE_CRACKLIB */ > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > http://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
