On Wed, 15 Jan 2003, Pierre Belanger wrote: > Last night I did a "grep -i todo" in the source code, to see > if I could contribute a little bit more ;-) I found the > following: > > smbd/chgpasswd.c: /* TODO: Add cracklib support here */ > > I started working on this last night (using SAMBA_3_0 > branch) and do have something working (the "configure.in", > documentation, etc is not done yet). I had to make my own > "API" to cracklib to make this work because the original API > uses getuid() and getpwuid() to get the username and fullname > (gecos). I also found a lot of places in the cracklib code > that is really not "full-proof". So... in the search for > a better solution: > > Tonight, I checked the "cracklib" included in "npasswd". > (I found a bug, it's also in the original cracklib!!!) > There isn't a better "API", still uses getuid()/getpwuid().
I am now a couple of years out of touch with "cracklib" stuff, so check what I say, don't necessarily believe it! There is some actively maintained "cracklib" material in the "Linux-PAM" project: http://sourceforge.net/projects/pam My understanding is that "Linux-PAM" is used widely on various Linux distributions (I have very little first-hand knowledge of Linux). It also (notwithstanding the name) aims to be compatible with other PAM-enabled OSes (Solaris, HP, ...). Indeed we have been running Linux-PAM's cracklib in our Solaris PAM structure for a couple of years. (It's so neat, it doesn't require any maintenance attention, so I have now forgotten its detail!) So I would suggest exploring the possibilities that might be provided by Linux-PAM. Bear in mind, too, that Andrew Bartlett is doing much work within Samba to rationalise and add modular flexibility to its authentication subsystem, including cooperating with PAM (for those systems that have it). If I recall correctly it does require an external "cracklib" library. But exploring this route might help with constructing a suitable, mutually sympathetic API for Samba/crack (and possible PAM) interactions. > Do I continue working on this or not? Your ideas sound promising. I'm simply suggesting exploring what possibilities (if any) may exist with Linux-PAM's cracklib module and its related things, and coordinating this work with Andrew Bartlett's work withing Samba to achieve maximum mutual benefit to both projects (Linux-PAM and Samba) and minimal risk of code-forking and fragmentation. Hope that helps. -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 374 2882 U.K. :
