SPUG:help with good passwords
Brian Hatch
spug at ifokr.org
Tue May 13 19:42:07 CDT 2003
> My challenge is that passwd keep strict rules about
> what kind of passwords are good (not based on a
> dictionary word, at least n characters), and will
> error if the password is bad.
It's probably using cracklib.
Here's what I wrote years ago (still works)
# try cracklib
use FileHandle;
use IPC::Open2;
open2(*RD, *WR, "/usr/sbin/crack_testlib") or bail "crack_testlib
failed";
print WR "$NEWPW\n" or bail "Couldn't write";
close WR;
my($pw,$reason);
while (<RD>) {
($pw,$reason) = split /: /;
# Strip trailing space
$reason =~ s/\s*$//g;
if ($pw eq $NEWPW) {
last if ($reason eq 'ok')
}
}
close RD;
if ( $reason ne "ok" ) {
<h2>Password Strength Error</h2>
Sorry, the password you supplied is not strong enough.
The automated password checking routine said the following:
<p>
<b>"$reason"</b>
<p>
Please go back and try again with a stronger password.
EOM
}
--
Brian Hatch "All we need to do is stop
Systems and idiot-proofing the world.
Security Engineer Pretty soon, we'll run out
http://www.ifokr.org/bri/ of idiots."
-unknown
Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.pm.org/pipermail/spug-list/attachments/20030513/2f8df97c/attachment.bin
More information about the spug-list
mailing list