"Fossies" - the Fresh Open Source Software Archive

Member "krb5-1.18/doc/plugindev/pwqual.rst" (12 Feb 2020, 1243 Bytes) of package /linux/misc/krb5-1.18.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format (assuming markdown format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.

Password quality interface (pwqual)

The pwqual interface allows modules to control what passwords are allowed when a user changes passwords. For a detailed description of the pwqual interface, see the header file <krb5/pwqual_plugin.h>.

The primary pwqual method is check, which receives a password as input and returns success (0) or a KADM5_PASS_Q_ failure code depending on whether the password is allowed. The check method also receives the principal name and the name of the principal's password policy as input; although there is no stable interface for the module to obtain the fields of the password policy, it can define its own configuration or data store based on the policy name.

A module can create and destroy per-process state objects by implementing the open and close methods. State objects have the type krb5_pwqual_moddata, which is an abstract pointer type. A module should typically cast this to an internal type for the state object. The open method also receives the name of the realm's dictionary file (as configured by the dict_file variable in the kdc_realms section of kdc.conf(5)) if it wishes to use it.