Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ accept_pw(S) — OpenDesktop Software Development System 3.0.0

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

spell(C)

getpwent(S)

getgrent(S)


 accept_pw(S)                   6 January 1993                   accept_pw(S)


 Name

    acceptable_password - determine if password is cryptic

 Syntax


    cc  . . .  -lprot


    #include <sys/types.h>
    #include <sys/security.h>
    #include <sys/audit.h>
    #include <prot.h>

    int acceptable_password (word, stream)
    char *word;
    FILE *stream;


 Description

    This routine determines if the given password is reasonable; that is, it
    is very hard to deduce from a number of heuristic means.  The cleartext
    (plaintext) password is passed in as the argument word and the second
    argument, stream, is a file pointer to report failure-reason messages.
    If this checking is to be silent, the second argument should be a NULL
    file pointer so that no messages will be output to the stream.

    When acceptablepassword returns a 1, the password provided meets all the
    tests described below.  When it returns a 0, the password failed to meet
    at least one of the tests or an internal error occurred.

    The selectivity criteria for the password include but may not be limited
    to the following four tests:

    palindrome     This test is passed if the word is not a palindrome.  (A
                   palindrome is a word that is spelled the same backwards as
                   forwards.)  Examples of palindromes that fail on this test
                   are:  mom, dad, noon, redivider, radar.  Palindromes do
                   not make good passwords because they reduce an n character
                   password to n/2 + 1 characters.  A penetrator knowing that
                   palindromes were legal could use heuristics that could
                   deduce the password much more quickly than if they were
                   excluded.

    login name     This test is passed if the password is not a system login
                   name or a closely related string.  Unsecure systems allow
                   passwords to be the login name itself.  This is a fact
                   known by many penetrators.  All login names are excluded
                   because a user that is the owner of several pseudo-user
                   accounts may elect to use the login name of one account as
                   the password for all his accounts.

    group name     Similar to the login name issue, this test is passed if
                   the password is not a group name or a closely related
                   string.

    English word   This test is passed if the spell(C) program determines
                   that the supplied password is not an English word so that
                   a penetrator cannot search the on-line dictionary to find
                   the password.  The spell program also has some built-in
                   rules that go beyond the actual on-line dictionary in
                   determining what is a proper word which this routine takes
                   advantage of.


 Return value

    When a supplied password meets all of the criteria, the
    acceptablepassword returns a value of 1.  If the supplied password fails
    one of the tests or if an internal error occurs, a value of 0 is returned
    by the routine.

 Note

    This routine works correctly only if setauthparameters is called as the
    first item in main().

 Files


    /etc/passwd
    /etc/group
    /usr/lib/spell/*


 See also

    spell(C), getpwent(S), getgrent(S)

 Standards conformance

    acceptablepassword is not part of any currently supported standard; it
    is an extension of AT&T System V provided by the Santa Cruz Operation.


Typewritten Software • bear@typewritten.org • Edmonds, WA 98026