
C program to call pam_passwdqc.so and report password strength, pass/fail

Tags: c, passwords, pam

Is it possible (and where would I find the interface documentation) to write a simple C program to use pam_passwdqc.so to determine if a potential password will be strong enough to pass muster under passwd?

Don asked Jan 24 '11 21:01


2 Answers

I think what you actually want is libpasswdqc, which is the standalone version of the PAM module. The source / download links are at the middle of the page (note, if you just want the checking functionality, you probably just want the library).

The file INTERNALS points you to the header, which is brief and self-explanatory. The file pwqcheck.c illustrates pretty much what you want to accomplish.

At least on my Ubuntu workstation, I could not find a package that didn't also install all of the PAM bits. The standalone library is small enough to drop into almost any tree, if the dependency would be problematic for you.

Then again, you could try linking to the DSO; the interface might be the same. The way my OS packages it, it's kind of hard to tell. The library uses the most permissive version of the BSD license that I've ever seen, so dropping it in place is a non-issue:

Redistribution and use in source and binary forms, with or without modification, are permitted.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Tim Post answered Sep 24 '22 13:09


PAM is using cracklib for password checking; you should check it also.

Maciej answered Sep 25 '22 13:09