acceptable_password man page on DigitalUNIX

Printed from

acceptable_password(3)					acceptable_password(3)

       acceptable_password - Determines if a password meets deduction require‐
       ments (Enhanced Security)

       int acceptable_password(
	       char *word,
	       FILE *stream );

       Enhanced Security Library (libsecurity)

       Points to the suggested password.  Points to the stream to write	 diag‐
       nostics into.

       The  acceptable_password() function determines if the given password is
       difficult to deduce from well known, password-guessing heuristics.  The
       cleartext (plaintext) password is passed as the first argument, and the
       file pointer of the stream that is used to report  failure  reasons  is
       the  second  argument.	If  this  checking is to be silent, the second
       argument should be a null file pointer.

       When the acceptable_password() function returns a value of 1, the pass‐
       word provided meets all the tests listed in the following text. When it
       returns a value of 0 (zero), the password failed to meet at  least  one
       of the tests.

       The selectivity criteria for the password include but cannot be limited
       to the following four tests: This test passes if	 the  word  is	not  a
       palindrome.  (A palindrome is a word that is spelled the same backwards
       as it is forwards.) Examples of palindromes that	 fail  this  test  are
       mom,  dad,  noon,  redivider, radar. Palindromes do not make good pass‐
       words because they reduce an n character password to n/2	 +  1  charac‐
       ters.  A	 penetrator  knowing  that  palindromes	 were  legal could use
       heuristics that could deduce the password much  more  quickly  than  if
       they  were excluded.  This test passes if the password is not a deriva‐
       tive of a login name for the system. Many insecure systems allow	 pass‐
       words  to  be the login name itself. This is a fact known by many pene‐
       trators.	 All login names are excluded because a user that is the owner
       of  several  pseudouser accounts can elect to use the login name of one
       account as the password for all accounts.  Similar to  the  login  name
       issue, this test passes if the password is not a group name derivative.
       This test passes if the spell program determines that the  password  is
       not  an	English	 word.	 A penetrator then could not search the online
       dictionary to find the password.	  The  spell  program  also  has  some
       built-in rules that go beyond the actual online dictionary in determin‐
       ing what is a proper word, and this routine takes advantage of that.

       Programs that use this routine must be compiled with -lsecurity.

       System password file.  System group file.

       Commands: spell(1)

       Functions: getpwent(3), getgrent(3)


List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net