Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

data::password(3pm) [debian man page]

Password(3pm)						User Contributed Perl Documentation					     Password(3pm)

NAME

       Data::Password - Perl extension for assesing password quality.

SYNOPSIS

	       use Data::Password qw(IsBadPassword);

	       print IsBadPassword("clearant");

	       # Bad password - contains the word 'clear', only lowercase

	       use Data::Password qw(:all);

	       $DICTIONARY = 0;

	       $GROUPS = 0;

	       print IsBadPassword("clearant");

DESCRIPTION

       This modules checks potential passwords for crackability.  It checks that the password is in the appropriate length, that it has enough
       character groups, that it does not contain the same chars repeatedly or ascending or descending characters, or charcters close to each
       other in the keyboard.  It will also attempt to search the ispell word file for existance of whole words.  The module's policies can be
       modified by changing its variables.  (Check "VARIABLES").  For doing it, it is recommended to import the ':all' shortcut when requiring it:

       use Data::Password qw(:all);

FUNCTIONS

       1.  IsBadPassword(password)

	   Returns undef if the password is ok, or a textual description of the fault if any.

       2.  IsBadPasswordForUNIX(user, password)

	   Performs two additional checks: compares the password against the login name and the "comment" (ie, real name) found on the user file.

VARIABLES

       1.  $DICTIONARY

	   Minimal length for dictionary words that are not allowed to appear in the password. Set to false to disable dictionary check.

       2.  $FOLLOWING

	   Maximal length of characters in a row to allow if the same or following.  If $FOLLOWING_KEYBOARD is true (default), the module will
	   also check for alphabetical keys following, according to the English keyboard layout.  Set $FOLLOWING to false to bypass this check.

       3.  $GROUPS

	   Groups of characters are lowercase letters, uppercase letters, digits and the rest of the allowed characters. Set $GROUPS to the number
	   of minimal character groups a password is required to have.	Setting to false or to 1 will bypass the check.

       4.  $MINLEN

	   $MAXLEN

	   Minimum and maximum length of a password. Both can be set to false.

       5.  @DICTIONARIES

	   Location where we are looking for dictionary files. You may want to set this variable if you are using not *NIX like operating system.

FILES

       o   /usr/share/dict/web2

       o   /usr/share/dict/words

       o   /etc/passwd

SEE ALSO

       See Data::Password::BasicCheck if you need only basic password checking.

AUTHOR

       Raz Information Systems, razinf@cpan.org, raz@raz.co.il.

COPYRIGHT

       Copyright (c) 2001 - 2006  Raz Information Systems Ltd.	http://www.raz.co.il/

       This package is distributed under the same terms as Perl itself, see the Artistic License on Perl's home page.

perl v5.12.3							    2011-05-23							     Password(3pm)

Check Out this Related Man Page

PAM_PWHISTORY(8)						 Linux-PAM Manual						  PAM_PWHISTORY(8)

NAME

       pam_pwhistory - PAM module to remember last passwords

SYNOPSIS

       pam_pwhistory.so [debug] [use_authtok] [enforce_for_root] [remember=N] [retry=N] [authtok_type=STRING]

DESCRIPTION

       This module saves the last passwords for each user in order to force password change history and keep the user from alternating between the
       same password too frequently.

       This module does not work together with kerberos. In general, it does not make much sense to use this module in conjunction with NIS or
       LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking.

OPTIONS

       debug
	   Turns on debugging via syslog(3).

       use_authtok
	   When password changing enforce the module to use the new password provided by a previously stacked password module (this is used in the
	   example of the stacking of the pam_cracklib module documented below).

       enforce_for_root
	   If this option is set, the check is enforced for root, too.

       remember=N
	   The last N passwords for each user are saved in /etc/security/opasswd. The default is 10.

       retry=N
	   Prompt user at most N times before returning with error. The default is 1.

       authtok_type=STRING
	   See pam_get_authtok(3) for more details.

MODULE TYPES PROVIDED

       Only the password module type is provided.

RETURN VALUES

       PAM_AUTHTOK_ERR
	   No new password was entered, the user aborted password change or new password couldn't be set.

       PAM_IGNORE
	   Password history was disabled.

       PAM_MAXTRIES
	   Password was rejected too often.

       PAM_USER_UNKNOWN
	   User is not known to system.

EXAMPLES

       An example password section would be:

	   #%PAM-1.0
	   password	required       pam_pwhistory.so
	   password	required       pam_unix.so	  use_authtok

       In combination with pam_cracklib:

	   #%PAM-1.0
	   password	required       pam_cracklib.so	  retry=3
	   password	required       pam_pwhistory.so   use_authtok
	   password	required       pam_unix.so	  use_authtok

FILES

       /etc/security/opasswd
	   File with password history

SEE ALSO

       pam.conf(5), pam.d(5), pam(8) pam_get_authtok(3)

AUTHOR

       pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de>

Linux-PAM Manual						    06/04/2011							  PAM_PWHISTORY(8)
Man Page