aboutsummaryrefslogtreecommitdiff
path: root/modules/pam_cracklib
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_cracklib')
-rw-r--r--modules/pam_cracklib/Makefile.am33
-rw-r--r--modules/pam_cracklib/Makefile.in1148
-rw-r--r--modules/pam_cracklib/README254
-rw-r--r--modules/pam_cracklib/README.xml41
-rw-r--r--modules/pam_cracklib/pam_cracklib.8363
-rw-r--r--modules/pam_cracklib/pam_cracklib.8.xml592
-rw-r--r--modules/pam_cracklib/pam_cracklib.c899
-rwxr-xr-xmodules/pam_cracklib/tst-pam_cracklib2
8 files changed, 0 insertions, 3332 deletions
diff --git a/modules/pam_cracklib/Makefile.am b/modules/pam_cracklib/Makefile.am
deleted file mode 100644
index e11c42d7..00000000
--- a/modules/pam_cracklib/Makefile.am
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk <kukuk@suse.de>
-#
-
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS) README
-
-EXTRA_DIST = $(XMLS)
-
-if HAVE_DOC
-dist_man_MANS = pam_cracklib.8
-endif
-XMLS = README.xml pam_cracklib.8.xml
-dist_check_SCRIPTS = tst-pam_cracklib
-TESTS = $(dist_check_SCRIPTS)
-
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- $(WARN_CFLAGS)
-AM_LDFLAGS = -no-undefined -avoid-version -module
-if HAVE_VERSIONING
- AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
-endif
-pam_cracklib_la_LIBADD = $(top_builddir)/libpam/libpam.la \
- @LIBCRACK@ @LIBCRYPT@
-securelib_LTLIBRARIES = pam_cracklib.la
-
-if ENABLE_REGENERATE_MAN
-dist_noinst_DATA = README
--include $(top_srcdir)/Make.xml.rules
-endif
diff --git a/modules/pam_cracklib/Makefile.in b/modules/pam_cracklib/Makefile.in
deleted file mode 100644
index 9cd1afc5..00000000
--- a/modules/pam_cracklib/Makefile.in
+++ /dev/null
@@ -1,1148 +0,0 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-#
-# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk <kukuk@suse.de>
-#
-
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
-subdir = modules/pam_cracklib
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
- $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
- $(top_srcdir)/m4/japhar_grep_cflags.m4 \
- $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
- $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
- $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
- $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
- $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
- $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
- $(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
-LTLIBRARIES = $(securelib_LTLIBRARIES)
-pam_cracklib_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
-pam_cracklib_la_SOURCES = pam_cracklib.c
-pam_cracklib_la_OBJECTS = pam_cracklib.lo
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/pam_cracklib.Plo
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = pam_cracklib.c
-DIST_SOURCES = pam_cracklib.c
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-man8dir = $(mandir)/man8
-NROFF = nroff
-MANS = $(dist_man_MANS)
-am__dist_noinst_DATA_DIST = README
-DATA = $(dist_noinst_DATA)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-am__tty_colors_dummy = \
- mgn= red= grn= lgn= blu= brg= std=; \
- am__color_tests=no
-am__tty_colors = { \
- $(am__tty_colors_dummy); \
- if test "X$(AM_COLOR_TESTS)" = Xno; then \
- am__color_tests=no; \
- elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
- am__color_tests=yes; \
- elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
- am__color_tests=yes; \
- fi; \
- if test $$am__color_tests = yes; then \
- red=''; \
- grn=''; \
- lgn=''; \
- blu=''; \
- mgn=''; \
- brg=''; \
- std=''; \
- fi; \
-}
-am__recheck_rx = ^[ ]*:recheck:[ ]*
-am__global_test_result_rx = ^[ ]*:global-test-result:[ ]*
-am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]*
-# A command that, given a newline-separated list of test names on the
-# standard input, print the name of the tests that are to be re-run
-# upon "make recheck".
-am__list_recheck_tests = $(AWK) '{ \
- recheck = 1; \
- while ((rc = (getline line < ($$0 ".trs"))) != 0) \
- { \
- if (rc < 0) \
- { \
- if ((getline line2 < ($$0 ".log")) < 0) \
- recheck = 0; \
- break; \
- } \
- else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
- { \
- recheck = 0; \
- break; \
- } \
- else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
- { \
- break; \
- } \
- }; \
- if (recheck) \
- print $$0; \
- close ($$0 ".trs"); \
- close ($$0 ".log"); \
-}'
-# A command that, given a newline-separated list of test names on the
-# standard input, create the global log from their .trs and .log files.
-am__create_global_log = $(AWK) ' \
-function fatal(msg) \
-{ \
- print "fatal: making $@: " msg | "cat >&2"; \
- exit 1; \
-} \
-function rst_section(header) \
-{ \
- print header; \
- len = length(header); \
- for (i = 1; i <= len; i = i + 1) \
- printf "="; \
- printf "\n\n"; \
-} \
-{ \
- copy_in_global_log = 1; \
- global_test_result = "RUN"; \
- while ((rc = (getline line < ($$0 ".trs"))) != 0) \
- { \
- if (rc < 0) \
- fatal("failed to read from " $$0 ".trs"); \
- if (line ~ /$(am__global_test_result_rx)/) \
- { \
- sub("$(am__global_test_result_rx)", "", line); \
- sub("[ ]*$$", "", line); \
- global_test_result = line; \
- } \
- else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
- copy_in_global_log = 0; \
- }; \
- if (copy_in_global_log) \
- { \
- rst_section(global_test_result ": " $$0); \
- while ((rc = (getline line < ($$0 ".log"))) != 0) \
- { \
- if (rc < 0) \
- fatal("failed to read from " $$0 ".log"); \
- print line; \
- }; \
- printf "\n"; \
- }; \
- close ($$0 ".trs"); \
- close ($$0 ".log"); \
-}'
-# Restructured Text title.
-am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
-# Solaris 10 'make', and several other traditional 'make' implementations,
-# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it
-# by disabling -e (using the XSI extension "set +e") if it's set.
-am__sh_e_setup = case $$- in *e*) set +e;; esac
-# Default flags passed to test drivers.
-am__common_driver_flags = \
- --color-tests "$$am__color_tests" \
- --enable-hard-errors "$$am__enable_hard_errors" \
- --expect-failure "$$am__expect_failure"
-# To be inserted before the command running the test. Creates the
-# directory for the log if needed. Stores in $dir the directory
-# containing $f, in $tst the test, in $log the log. Executes the
-# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
-# passes TESTS_ENVIRONMENT. Set up options for the wrapper that
-# will run the test scripts (or their associated LOG_COMPILER, if
-# thy have one).
-am__check_pre = \
-$(am__sh_e_setup); \
-$(am__vpath_adj_setup) $(am__vpath_adj) \
-$(am__tty_colors); \
-srcdir=$(srcdir); export srcdir; \
-case "$@" in \
- */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \
- *) am__odir=.;; \
-esac; \
-test "x$$am__odir" = x"." || test -d "$$am__odir" \
- || $(MKDIR_P) "$$am__odir" || exit $$?; \
-if test -f "./$$f"; then dir=./; \
-elif test -f "$$f"; then dir=; \
-else dir="$(srcdir)/"; fi; \
-tst=$$dir$$f; log='$@'; \
-if test -n '$(DISABLE_HARD_ERRORS)'; then \
- am__enable_hard_errors=no; \
-else \
- am__enable_hard_errors=yes; \
-fi; \
-case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \
- am__expect_failure=yes;; \
- *) \
- am__expect_failure=no;; \
-esac; \
-$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
-# A shell command to get the names of the tests scripts with any registered
-# extension removed (i.e., equivalently, the names of the test logs, with
-# the '.log' extension removed). The result is saved in the shell variable
-# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly,
-# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
-# since that might cause problem with VPATH rewrites for suffix-less tests.
-# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
-am__set_TESTS_bases = \
- bases='$(TEST_LOGS)'; \
- bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
- bases=`echo $$bases`
-RECHECK_LOGS = $(TEST_LOGS)
-AM_RECURSIVE_TARGETS = check recheck
-TEST_SUITE_LOG = test-suite.log
-TEST_EXTENSIONS = @EXEEXT@ .test
-LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
-LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
-am__set_b = \
- case '$@' in \
- */*) \
- case '$*' in \
- */*) b='$*';; \
- *) b=`echo '$@' | sed 's/\.log$$//'`; \
- esac;; \
- *) \
- b='$*';; \
- esac
-am__test_logs1 = $(TESTS:=.log)
-am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
-TEST_LOGS = $(am__test_logs2:.test.log=.log)
-TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
-TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
- $(TEST_LOG_FLAGS)
-am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BROWSER = @BROWSER@
-BUILD_CFLAGS = @BUILD_CFLAGS@
-BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
-BUILD_LDFLAGS = @BUILD_LDFLAGS@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CC_FOR_BUILD = @CC_FOR_BUILD@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-ECONF_CFLAGS = @ECONF_CFLAGS@
-ECONF_LIBS = @ECONF_LIBS@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-FO2PDF = @FO2PDF@
-GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
-GMSGFMT = @GMSGFMT@
-GMSGFMT_015 = @GMSGFMT_015@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-INTLLIBS = @INTLLIBS@
-INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
-LIBCRYPT = @LIBCRYPT@
-LIBDB = @LIBDB@
-LIBDL = @LIBDL@
-LIBICONV = @LIBICONV@
-LIBINTL = @LIBINTL@
-LIBOBJS = @LIBOBJS@
-LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
-LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
-LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
-LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
-LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
-LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
-LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
-LIBS = @LIBS@
-LIBSELINUX = @LIBSELINUX@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBICONV = @LTLIBICONV@
-LTLIBINTL = @LTLIBINTL@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MSGFMT = @MSGFMT@
-MSGFMT_015 = @MSGFMT_015@
-MSGMERGE = @MSGMERGE@
-NIS_CFLAGS = @NIS_CFLAGS@
-NIS_LIBS = @NIS_LIBS@
-NM = @NM@
-NMEDIT = @NMEDIT@
-NSL_CFLAGS = @NSL_CFLAGS@
-NSL_LIBS = @NSL_LIBS@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POSUB = @POSUB@
-RANLIB = @RANLIB@
-SCONFIGDIR = @SCONFIGDIR@
-SECUREDIR = @SECUREDIR@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
-STRIP = @STRIP@
-TIRPC_CFLAGS = @TIRPC_CFLAGS@
-TIRPC_LIBS = @TIRPC_LIBS@
-USE_NLS = @USE_NLS@
-VERSION = @VERSION@
-WARN_CFLAGS = @WARN_CFLAGS@
-XGETTEXT = @XGETTEXT@
-XGETTEXT_015 = @XGETTEXT_015@
-XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
-XMLCATALOG = @XMLCATALOG@
-XMLLINT = @XMLLINT@
-XML_CATALOG_FILE = @XML_CATALOG_FILE@
-XSLTPROC = @XSLTPROC@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
-pam_xauth_path = @pam_xauth_path@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = $(XMLS)
-@HAVE_DOC_TRUE@dist_man_MANS = pam_cracklib.8
-XMLS = README.xml pam_cracklib.8.xml
-dist_check_SCRIPTS = tst-pam_cracklib
-TESTS = $(dist_check_SCRIPTS)
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- $(WARN_CFLAGS)
-
-AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
-pam_cracklib_la_LIBADD = $(top_builddir)/libpam/libpam.la \
- @LIBCRACK@ @LIBCRYPT@
-
-securelib_LTLIBRARIES = pam_cracklib.la
-@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_cracklib/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu modules/pam_cracklib/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
- }
-
-uninstall-securelibLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
- done
-
-clean-securelibLTLIBRARIES:
- -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
- @list='$(securelib_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-pam_cracklib.la: $(pam_cracklib_la_OBJECTS) $(pam_cracklib_la_DEPENDENCIES) $(EXTRA_pam_cracklib_la_DEPENDENCIES)
- $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_cracklib_la_OBJECTS) $(pam_cracklib_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_cracklib.Plo@am__quote@ # am--include-marker
-
-$(am__depfiles_remade):
- @$(MKDIR_P) $(@D)
- @echo '# dummy' >$@-t && $(am__mv) $@-t $@
-
-am--depfiles: $(am__depfiles_remade)
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-install-man8: $(dist_man_MANS)
- @$(NORMAL_INSTALL)
- @list1=''; \
- list2='$(dist_man_MANS)'; \
- test -n "$(man8dir)" \
- && test -n "`echo $$list1$$list2`" \
- || exit 0; \
- echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
- { for i in $$list1; do echo "$$i"; done; \
- if test -n "$$list2"; then \
- for i in $$list2; do echo "$$i"; done \
- | sed -n '/\.8[a-z]*$$/p'; \
- fi; \
- } | while read p; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; echo "$$p"; \
- done | \
- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
- sed 'N;N;s,\n, ,g' | { \
- list=; while read file base inst; do \
- if test "$$base" = "$$inst"; then list="$$list $$file"; else \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
- fi; \
- done; \
- for i in $$list; do echo "$$i"; done | $(am__base_list) | \
- while read files; do \
- test -z "$$files" || { \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
- done; }
-
-uninstall-man8:
- @$(NORMAL_UNINSTALL)
- @list=''; test -n "$(man8dir)" || exit 0; \
- files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.8[a-z]*$$/p'; \
- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-# Recover from deleted '.trs' file; this should ensure that
-# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
-# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells
-# to avoid problems with "make -n".
-.log.trs:
- rm -f $< $@
- $(MAKE) $(AM_MAKEFLAGS) $<
-
-# Leading 'am--fnord' is there to ensure the list of targets does not
-# expand to empty, as could happen e.g. with make check TESTS=''.
-am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
-am--force-recheck:
- @:
-
-$(TEST_SUITE_LOG): $(TEST_LOGS)
- @$(am__set_TESTS_bases); \
- am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
- redo_bases=`for i in $$bases; do \
- am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
- done`; \
- if test -n "$$redo_bases"; then \
- redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
- redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
- if $(am__make_dryrun); then :; else \
- rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
- fi; \
- fi; \
- if test -n "$$am__remaking_logs"; then \
- echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
- "recursion detected" >&2; \
- elif test -n "$$redo_logs"; then \
- am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
- fi; \
- if $(am__make_dryrun); then :; else \
- st=0; \
- errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
- for i in $$redo_bases; do \
- test -f $$i.trs && test -r $$i.trs \
- || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
- test -f $$i.log && test -r $$i.log \
- || { echo "$$errmsg $$i.log" >&2; st=1; }; \
- done; \
- test $$st -eq 0 || exit 1; \
- fi
- @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
- ws='[ ]'; \
- results=`for b in $$bases; do echo $$b.trs; done`; \
- test -n "$$results" || results=/dev/null; \
- all=` grep "^$$ws*:test-result:" $$results | wc -l`; \
- pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \
- fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \
- skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \
- xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
- xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
- error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
- if test `expr $$fail + $$xpass + $$error` -eq 0; then \
- success=true; \
- else \
- success=false; \
- fi; \
- br='==================='; br=$$br$$br$$br$$br; \
- result_count () \
- { \
- if test x"$$1" = x"--maybe-color"; then \
- maybe_colorize=yes; \
- elif test x"$$1" = x"--no-color"; then \
- maybe_colorize=no; \
- else \
- echo "$@: invalid 'result_count' usage" >&2; exit 4; \
- fi; \
- shift; \
- desc=$$1 count=$$2; \
- if test $$maybe_colorize = yes && test $$count -gt 0; then \
- color_start=$$3 color_end=$$std; \
- else \
- color_start= color_end=; \
- fi; \
- echo "$${color_start}# $$desc $$count$${color_end}"; \
- }; \
- create_testsuite_report () \
- { \
- result_count $$1 "TOTAL:" $$all "$$brg"; \
- result_count $$1 "PASS: " $$pass "$$grn"; \
- result_count $$1 "SKIP: " $$skip "$$blu"; \
- result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
- result_count $$1 "FAIL: " $$fail "$$red"; \
- result_count $$1 "XPASS:" $$xpass "$$red"; \
- result_count $$1 "ERROR:" $$error "$$mgn"; \
- }; \
- { \
- echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \
- $(am__rst_title); \
- create_testsuite_report --no-color; \
- echo; \
- echo ".. contents:: :depth: 2"; \
- echo; \
- for b in $$bases; do echo $$b; done \
- | $(am__create_global_log); \
- } >$(TEST_SUITE_LOG).tmp || exit 1; \
- mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \
- if $$success; then \
- col="$$grn"; \
- else \
- col="$$red"; \
- test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
- fi; \
- echo "$${col}$$br$${std}"; \
- echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
- echo "$${col}$$br$${std}"; \
- create_testsuite_report --maybe-color; \
- echo "$$col$$br$$std"; \
- if $$success; then :; else \
- echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \
- if test -n "$(PACKAGE_BUGREPORT)"; then \
- echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \
- fi; \
- echo "$$col$$br$$std"; \
- fi; \
- $$success || exit 1
-
-check-TESTS: $(dist_check_SCRIPTS)
- @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
- @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
- @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
- @set +e; $(am__set_TESTS_bases); \
- log_list=`for i in $$bases; do echo $$i.log; done`; \
- trs_list=`for i in $$bases; do echo $$i.trs; done`; \
- log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
- $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
- exit $$?;
-recheck: all $(dist_check_SCRIPTS)
- @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
- @set +e; $(am__set_TESTS_bases); \
- bases=`for i in $$bases; do echo $$i; done \
- | $(am__list_recheck_tests)` || exit 1; \
- log_list=`for i in $$bases; do echo $$i.log; done`; \
- log_list=`echo $$log_list`; \
- $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
- am__force_recheck=am--force-recheck \
- TEST_LOGS="$$log_list"; \
- exit $$?
-tst-pam_cracklib.log: tst-pam_cracklib
- @p='tst-pam_cracklib'; \
- b='tst-pam_cracklib'; \
- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-.test.log:
- @p='$<'; \
- $(am__set_b); \
- $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-@am__EXEEXT_TRUE@.test$(EXEEXT).log:
-@am__EXEEXT_TRUE@ @p='$<'; \
-@am__EXEEXT_TRUE@ $(am__set_b); \
-@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
-@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
-@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
-@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
- $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
- $(MAKE) $(AM_MAKEFLAGS) check-TESTS
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
-installdirs:
- for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
- -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
- -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
- -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-
-clean-generic:
- -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
- -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
- mostlyclean-am
-
-distclean: distclean-am
- -rm -f ./$(DEPDIR)/pam_cracklib.Plo
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man install-securelibLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man: install-man8
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f ./$(DEPDIR)/pam_cracklib.Plo
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES
-
-uninstall-man: uninstall-man8
-
-.MAKE: check-am install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
- check-am clean clean-generic clean-libtool \
- clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
- distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-man install-man8 install-pdf \
- install-pdf-am install-ps install-ps-am \
- install-securelibLTLIBRARIES install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- recheck tags tags-am uninstall uninstall-am uninstall-man \
- uninstall-man8 uninstall-securelibLTLIBRARIES
-
-.PRECIOUS: Makefile
-
-@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/modules/pam_cracklib/README b/modules/pam_cracklib/README
deleted file mode 100644
index d0745160..00000000
--- a/modules/pam_cracklib/README
+++ /dev/null
@@ -1,254 +0,0 @@
-pam_cracklib — PAM module to check the password against dictionary words
-
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-DESCRIPTION
-
-This module can be plugged into the password stack of a given application to
-provide some plug-in strength-checking for passwords.
-
-The action of this module is to prompt the user for a password and check its
-strength against a system dictionary and a set of rules for identifying poor
-choices.
-
-The first action is to prompt for a single password, check its strength and
-then, if it is considered strong, prompt for the password a second time (to
-verify that it was typed correctly on the first occasion). All being well, the
-password is passed on to subsequent modules to be installed as the new
-authentication token.
-
-The strength checks works in the following manner: at first the Cracklib
-routine is called to check if the password is part of a dictionary; if this is
-not the case an additional set of strength checks is done. These checks are:
-
-Palindrome
-
- Is the new password a palindrome?
-
-Case Change Only
-
- Is the new password the old one with only a change of case?
-
-Similar
-
- Is the new password too much like the old one? This is primarily controlled
- by one argument, difok which is a number of character changes (inserts,
- removals, or replacements) between the old and new password that are enough
- to accept the new password. This defaults to 5 changes.
-
-Simple
-
- Is the new password too small? This is controlled by 6 arguments minlen,
- maxclassrepeat, dcredit, ucredit, lcredit, and ocredit. See the section on
- the arguments for the details of how these work and there defaults.
-
-Rotated
-
- Is the new password a rotated version of the old password?
-
-Same consecutive characters
-
- Optional check for same consecutive characters.
-
-Too long monotonic character sequence
-
- Optional check for too long monotonic character sequence.
-
-Contains user name
-
- Optional check whether the password contains the user's name in some form.
-
-This module with no arguments will work well for standard unix password
-encryption. With md5 encryption, passwords can be longer than 8 characters and
-the default settings for this module can make it hard for the user to choose a
-satisfactory new password. Notably, the requirement that the new password
-contain no more than 1/2 of the characters in the old password becomes a
-non-trivial constraint. For example, an old password of the form "the quick
-brown fox jumped over the lazy dogs" would be difficult to change... In
-addition, the default action is to allow passwords as small as 5 characters in
-length. For a md5 systems it can be a good idea to increase the required
-minimum size of a password. One can then allow more credit for different kinds
-of characters but accept that the new password may share most of these
-characters with the old password.
-
-OPTIONS
-
-debug
-
- This option makes the module write information to syslog(3) indicating the
- behavior of the module (this option does not write password information to
- the log file).
-
-authtok_type=XXX
-
- The default action is for the module to use the following prompts when
- requesting passwords: "New UNIX password: " and "Retype UNIX password: ".
- The example word UNIX can be replaced with this option, by default it is
- empty.
-
-retry=N
-
- Prompt user at most N times before returning with error. The default is 1.
-
-difok=N
-
- This argument will change the default of 5 for the number of character
- changes in the new password that differentiate it from the old password.
-
-minlen=N
-
- The minimum acceptable size for the new password (plus one if credits are
- not disabled which is the default). In addition to the number of characters
- in the new password, credit (of +1 in length) is given for each different
- kind of character (other, upper, lower and digit). The default for this
- parameter is 9 which is good for a old style UNIX password all of the same
- type of character but may be too low to exploit the added security of a md5
- system. Note that there is a pair of length limits in Cracklib itself, a
- "way too short" limit of 4 which is hard coded in and a defined limit (6)
- that will be checked without reference to minlen. If you want to allow
- passwords as short as 5 characters you should not use this module.
-
-dcredit=N
-
- (N >= 0) This is the maximum credit for having digits in the new password.
- If you have less than or N digits, each digit will count +1 towards meeting
- the current minlen value. The default for dcredit is 1 which is the
- recommended value for minlen less than 10.
-
- (N < 0) This is the minimum number of digits that must be met for a new
- password.
-
-ucredit=N
-
- (N >= 0) This is the maximum credit for having upper case letters in the
- new password. If you have less than or N upper case letters each letter
- will count +1 towards meeting the current minlen value. The default for
- ucredit is 1 which is the recommended value for minlen less than 10.
-
- (N < 0) This is the minimum number of upper case letters that must be met
- for a new password.
-
-lcredit=N
-
- (N >= 0) This is the maximum credit for having lower case letters in the
- new password. If you have less than or N lower case letters, each letter
- will count +1 towards meeting the current minlen value. The default for
- lcredit is 1 which is the recommended value for minlen less than 10.
-
- (N < 0) This is the minimum number of lower case letters that must be met
- for a new password.
-
-ocredit=N
-
- (N >= 0) This is the maximum credit for having other characters in the new
- password. If you have less than or N other characters, each character will
- count +1 towards meeting the current minlen value. The default for ocredit
- is 1 which is the recommended value for minlen less than 10.
-
- (N < 0) This is the minimum number of other characters that must be met for
- a new password.
-
-minclass=N
-
- The minimum number of required classes of characters for the new password.
- The default number is zero. The four classes are digits, upper and lower
- letters and other characters. The difference to the credit check is that a
- specific class if of characters is not required. Instead N out of four of
- the classes are required.
-
-maxrepeat=N
-
- Reject passwords which contain more than N same consecutive characters. The
- default is 0 which means that this check is disabled.
-
-maxsequence=N
-
- Reject passwords which contain monotonic character sequences longer than N.
- The default is 0 which means that this check is disabled. Examples of such
- sequence are '12345' or 'fedcb'. Note that most such passwords will not
- pass the simplicity check unless the sequence is only a minor part of the
- password.
-
-maxclassrepeat=N
-
- Reject passwords which contain more than N consecutive characters of the
- same class. The default is 0 which means that this check is disabled.
-
-reject_username
-
- Check whether the name of the user in straight or reversed form is
- contained in the new password. If it is found the new password is rejected.
-
-gecoscheck
-
- Check whether the words from the GECOS field (usually full name of the
- user) longer than 3 characters in straight or reversed form are contained
- in the new password. If any such word is found the new password is
- rejected.
-
-enforce_for_root
-
- The module will return error on failed check also if the user changing the
- password is root. This option is off by default which means that just the
- message about the failed check is printed but root can change the password
- anyway. Note that root is not asked for an old password so the checks that
- compare the old and new password are not performed.
-
-use_authtok
-
- This argument is used to force the module to not prompt the user for a new
- password but use the one provided by the previously stacked password
- module.
-
-dictpath=/path/to/dict
-
- Path to the cracklib dictionaries.
-
-EXAMPLES
-
-For an example of the use of this module, we show how it may be stacked with
-the password component of pam_unix(8)
-
-#
-# These lines stack two password type modules. In this example the
-# user is given 3 opportunities to enter a strong password. The
-# "use_authtok" argument ensures that the pam_unix module does not
-# prompt for a password, but instead uses the one provided by
-# pam_cracklib.
-#
-passwd password required pam_cracklib.so retry=3
-passwd password required pam_unix.so use_authtok
-
-
-Another example (in the /etc/pam.d/passwd format) is for the case that you want
-to use md5 password encryption:
-
-#%PAM-1.0
-#
-# These lines allow a md5 systems to support passwords of at least 14
-# bytes with extra credit of 2 for digits and 2 for others the new
-# password must have at least three bytes that are not present in the
-# old password
-#
-password required pam_cracklib.so \
- difok=3 minlen=15 dcredit= 2 ocredit=2
-password required pam_unix.so use_authtok nullok md5
-
-
-And here is another example in case you don't want to use credits:
-
-#%PAM-1.0
-#
-# These lines require the user to select a password with a minimum
-# length of 8 and with at least 1 digit number, 1 upper case letter,
-# and 1 other character
-#
-password required pam_cracklib.so \
- dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
-password required pam_unix.so use_authtok nullok md5
-
-
-AUTHOR
-
-pam_cracklib was written by Cristian Gafton <gafton@redhat.com>
-
diff --git a/modules/pam_cracklib/README.xml b/modules/pam_cracklib/README.xml
deleted file mode 100644
index c4a7b54c..00000000
--- a/modules/pam_cracklib/README.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamaccess SYSTEM "pam_cracklib.8.xml">
--->
-]>
-
-<article>
-
- <articleinfo>
-
- <title>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_cracklib.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_cracklib-name"]/*)'/>
- </title>
-
- </articleinfo>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-description"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-options"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-examples"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-author"]/*)'/>
- </section>
-
-</article>
diff --git a/modules/pam_cracklib/pam_cracklib.8 b/modules/pam_cracklib/pam_cracklib.8
deleted file mode 100644
index b7a60536..00000000
--- a/modules/pam_cracklib/pam_cracklib.8
+++ /dev/null
@@ -1,363 +0,0 @@
-'\" t
-.\" Title: pam_cracklib
-.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 06/08/2020
-.\" Manual: Linux-PAM Manual
-.\" Source: Linux-PAM Manual
-.\" Language: English
-.\"
-.TH "PAM_CRACKLIB" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-pam_cracklib \- PAM module to check the password against dictionary words
-.SH "SYNOPSIS"
-.HP \w'\fBpam_cracklib\&.so\fR\ 'u
-\fBpam_cracklib\&.so\fR [\fI\&.\&.\&.\fR]
-.SH "DESCRIPTION"
-.PP
-This module can be plugged into the
-\fIpassword\fR
-stack of a given application to provide some plug\-in strength\-checking for passwords\&.
-.PP
-The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices\&.
-.PP
-The first action is to prompt for a single password, check its strength and then, if it is considered strong, prompt for the password a second time (to verify that it was typed correctly on the first occasion)\&. All being well, the password is passed on to subsequent modules to be installed as the new authentication token\&.
-.PP
-The strength checks works in the following manner: at first the
-\fBCracklib\fR
-routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done\&. These checks are:
-.PP
-Palindrome
-.RS 4
-Is the new password a palindrome?
-.RE
-.PP
-Case Change Only
-.RS 4
-Is the new password the old one with only a change of case?
-.RE
-.PP
-Similar
-.RS 4
-Is the new password too much like the old one? This is primarily controlled by one argument,
-\fBdifok\fR
-which is a number of character changes (inserts, removals, or replacements) between the old and new password that are enough to accept the new password\&. This defaults to 5 changes\&.
-.RE
-.PP
-Simple
-.RS 4
-Is the new password too small? This is controlled by 6 arguments
-\fBminlen\fR,
-\fBmaxclassrepeat\fR,
-\fBdcredit\fR,
-\fBucredit\fR,
-\fBlcredit\fR, and
-\fBocredit\fR\&. See the section on the arguments for the details of how these work and there defaults\&.
-.RE
-.PP
-Rotated
-.RS 4
-Is the new password a rotated version of the old password?
-.RE
-.PP
-Same consecutive characters
-.RS 4
-Optional check for same consecutive characters\&.
-.RE
-.PP
-Too long monotonic character sequence
-.RS 4
-Optional check for too long monotonic character sequence\&.
-.RE
-.PP
-Contains user name
-.RS 4
-Optional check whether the password contains the user\*(Aqs name in some form\&.
-.RE
-.PP
-This module with no arguments will work well for standard unix password encryption\&. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password\&. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint\&. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change\&.\&.\&. In addition, the default action is to allow passwords as small as 5 characters in length\&. For a md5 systems it can be a good idea to increase the required minimum size of a password\&. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password\&.
-.SH "OPTIONS"
-.PP
-.PP
-\fBdebug\fR
-.RS 4
-This option makes the module write information to
-\fBsyslog\fR(3)
-indicating the behavior of the module (this option does not write password information to the log file)\&.
-.RE
-.PP
-\fBauthtok_type=\fR\fB\fIXXX\fR\fR
-.RS 4
-The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The example word
-\fIUNIX\fR
-can be replaced with this option, by default it is empty\&.
-.RE
-.PP
-\fBretry=\fR\fB\fIN\fR\fR
-.RS 4
-Prompt user at most
-\fIN\fR
-times before returning with error\&. The default is
-\fI1\fR\&.
-.RE
-.PP
-\fBdifok=\fR\fB\fIN\fR\fR
-.RS 4
-This argument will change the default of
-\fI5\fR
-for the number of character changes in the new password that differentiate it from the old password\&.
-.RE
-.PP
-\fBminlen=\fR\fB\fIN\fR\fR
-.RS 4
-The minimum acceptable size for the new password (plus one if credits are not disabled which is the default)\&. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (\fIother\fR,
-\fIupper\fR,
-\fIlower\fR
-and
-\fIdigit\fR)\&. The default for this parameter is
-\fI9\fR
-which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system\&. Note that there is a pair of length limits in
-\fICracklib\fR
-itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to
-\fBminlen\fR\&. If you want to allow passwords as short as 5 characters you should not use this module\&.
-.RE
-.PP
-\fBdcredit=\fR\fB\fIN\fR\fR
-.RS 4
-(N >= 0) This is the maximum credit for having digits in the new password\&. If you have less than or
-\fIN\fR
-digits, each digit will count +1 towards meeting the current
-\fBminlen\fR
-value\&. The default for
-\fBdcredit\fR
-is 1 which is the recommended value for
-\fBminlen\fR
-less than 10\&.
-.sp
-(N < 0) This is the minimum number of digits that must be met for a new password\&.
-.RE
-.PP
-\fBucredit=\fR\fB\fIN\fR\fR
-.RS 4
-(N >= 0) This is the maximum credit for having upper case letters in the new password\&. If you have less than or
-\fIN\fR
-upper case letters each letter will count +1 towards meeting the current
-\fBminlen\fR
-value\&. The default for
-\fBucredit\fR
-is
-\fI1\fR
-which is the recommended value for
-\fBminlen\fR
-less than 10\&.
-.sp
-(N < 0) This is the minimum number of upper case letters that must be met for a new password\&.
-.RE
-.PP
-\fBlcredit=\fR\fB\fIN\fR\fR
-.RS 4
-(N >= 0) This is the maximum credit for having lower case letters in the new password\&. If you have less than or
-\fIN\fR
-lower case letters, each letter will count +1 towards meeting the current
-\fBminlen\fR
-value\&. The default for
-\fBlcredit\fR
-is 1 which is the recommended value for
-\fBminlen\fR
-less than 10\&.
-.sp
-(N < 0) This is the minimum number of lower case letters that must be met for a new password\&.
-.RE
-.PP
-\fBocredit=\fR\fB\fIN\fR\fR
-.RS 4
-(N >= 0) This is the maximum credit for having other characters in the new password\&. If you have less than or
-\fIN\fR
-other characters, each character will count +1 towards meeting the current
-\fBminlen\fR
-value\&. The default for
-\fBocredit\fR
-is 1 which is the recommended value for
-\fBminlen\fR
-less than 10\&.
-.sp
-(N < 0) This is the minimum number of other characters that must be met for a new password\&.
-.RE
-.PP
-\fBminclass=\fR\fB\fIN\fR\fR
-.RS 4
-The minimum number of required classes of characters for the new password\&. The default number is zero\&. The four classes are digits, upper and lower letters and other characters\&. The difference to the
-\fBcredit\fR
-check is that a specific class if of characters is not required\&. Instead
-\fIN\fR
-out of four of the classes are required\&.
-.RE
-.PP
-\fBmaxrepeat=\fR\fB\fIN\fR\fR
-.RS 4
-Reject passwords which contain more than N same consecutive characters\&. The default is 0 which means that this check is disabled\&.
-.RE
-.PP
-\fBmaxsequence=\fR\fB\fIN\fR\fR
-.RS 4
-Reject passwords which contain monotonic character sequences longer than N\&. The default is 0 which means that this check is disabled\&. Examples of such sequence are \*(Aq12345\*(Aq or \*(Aqfedcb\*(Aq\&. Note that most such passwords will not pass the simplicity check unless the sequence is only a minor part of the password\&.
-.RE
-.PP
-\fBmaxclassrepeat=\fR\fB\fIN\fR\fR
-.RS 4
-Reject passwords which contain more than N consecutive characters of the same class\&. The default is 0 which means that this check is disabled\&.
-.RE
-.PP
-\fBreject_username\fR
-.RS 4
-Check whether the name of the user in straight or reversed form is contained in the new password\&. If it is found the new password is rejected\&.
-.RE
-.PP
-\fBgecoscheck\fR
-.RS 4
-Check whether the words from the GECOS field (usually full name of the user) longer than 3 characters in straight or reversed form are contained in the new password\&. If any such word is found the new password is rejected\&.
-.RE
-.PP
-\fBenforce_for_root\fR
-.RS 4
-The module will return error on failed check also if the user changing the password is root\&. This option is off by default which means that just the message about the failed check is printed but root can change the password anyway\&. Note that root is not asked for an old password so the checks that compare the old and new password are not performed\&.
-.RE
-.PP
-\fBuse_authtok\fR
-.RS 4
-This argument is used to
-\fIforce\fR
-the module to not prompt the user for a new password but use the one provided by the previously stacked
-\fIpassword\fR
-module\&.
-.RE
-.PP
-\fBdictpath=\fR\fB\fI/path/to/dict\fR\fR
-.RS 4
-Path to the cracklib dictionaries\&.
-.RE
-.SH "MODULE TYPES PROVIDED"
-.PP
-Only the
-\fBpassword\fR
-module type is provided\&.
-.SH "RETURN VALUES"
-.PP
-.PP
-PAM_SUCCESS
-.RS 4
-The new password passes all checks\&.
-.RE
-.PP
-PAM_AUTHTOK_ERR
-.RS 4
-No new password was entered, the username could not be determined or the new password fails the strength checks\&.
-.RE
-.PP
-PAM_AUTHTOK_RECOVERY_ERR
-.RS 4
-The old password was not supplied by a previous stacked module or got not requested from the user\&. The first error can happen if
-\fBuse_authtok\fR
-is specified\&.
-.RE
-.PP
-PAM_SERVICE_ERR
-.RS 4
-A internal error occurred\&.
-.RE
-.SH "EXAMPLES"
-.PP
-For an example of the use of this module, we show how it may be stacked with the password component of
-\fBpam_unix\fR(8)
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-#
-# These lines stack two password type modules\&. In this example the
-# user is given 3 opportunities to enter a strong password\&. The
-# "use_authtok" argument ensures that the pam_unix module does not
-# prompt for a password, but instead uses the one provided by
-# pam_cracklib\&.
-#
-passwd password required pam_cracklib\&.so retry=3
-passwd password required pam_unix\&.so use_authtok
-
-.fi
-.if n \{\
-.RE
-.\}
-.PP
-Another example (in the
-/etc/pam\&.d/passwd
-format) is for the case that you want to use md5 password encryption:
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-#%PAM\-1\&.0
-#
-# These lines allow a md5 systems to support passwords of at least 14
-# bytes with extra credit of 2 for digits and 2 for others the new
-# password must have at least three bytes that are not present in the
-# old password
-#
-password required pam_cracklib\&.so \e
- difok=3 minlen=15 dcredit= 2 ocredit=2
-password required pam_unix\&.so use_authtok nullok md5
-
-.fi
-.if n \{\
-.RE
-.\}
-.PP
-And here is another example in case you don\*(Aqt want to use credits:
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-#%PAM\-1\&.0
-#
-# These lines require the user to select a password with a minimum
-# length of 8 and with at least 1 digit number, 1 upper case letter,
-# and 1 other character
-#
-password required pam_cracklib\&.so \e
- dcredit=\-1 ucredit=\-1 ocredit=\-1 lcredit=0 minlen=8
-password required pam_unix\&.so use_authtok nullok md5
-
-.fi
-.if n \{\
-.RE
-.\}
-.sp
-.SH "SEE ALSO"
-.PP
-\fBpam.conf\fR(5),
-\fBpam.d\fR(5),
-\fBpam\fR(8)
-.SH "AUTHOR"
-.PP
-pam_cracklib was written by Cristian Gafton <gafton@redhat\&.com>
diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml
deleted file mode 100644
index 75e44e2d..00000000
--- a/modules/pam_cracklib/pam_cracklib.8.xml
+++ /dev/null
@@ -1,592 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_cracklib">
-
- <refmeta>
- <refentrytitle>pam_cracklib</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_cracklib-name">
- <refname>pam_cracklib</refname>
- <refpurpose>PAM module to check the password against dictionary words</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv>
- <cmdsynopsis id="pam_cracklib-cmdsynopsis">
- <command>pam_cracklib.so</command>
- <arg choice="opt">
- <replaceable>...</replaceable>
- </arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id="pam_cracklib-description">
-
- <title>DESCRIPTION</title>
-
- <para>
- This module can be plugged into the <emphasis>password</emphasis> stack of
- a given application to provide some plug-in strength-checking for passwords.
- </para>
-
- <para>
- The action of this module is to prompt the user for a password and
- check its strength against a system dictionary and a set of rules for
- identifying poor choices.
- </para>
-
- <para>
- The first action is to prompt for a single password, check its
- strength and then, if it is considered strong, prompt for the password
- a second time (to verify that it was typed correctly on the first
- occasion). All being well, the password is passed on to subsequent
- modules to be installed as the new authentication token.
- </para>
-
- <para>
- The strength checks works in the following manner: at first the
- <function>Cracklib</function> routine is called to check if the password
- is part of a dictionary; if this is not the case an additional set of
- strength checks is done. These checks are:
- </para>
-
- <variablelist>
- <varlistentry>
- <term>Palindrome</term>
- <listitem>
- <para>
- Is the new password a palindrome?
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Case Change Only</term>
- <listitem>
- <para>
- Is the new password the old one with only a change of case?
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Similar</term>
- <listitem>
- <para>
- Is the new password too much like the old one?
- This is primarily controlled by one argument,
- <option>difok</option> which is a number of character changes
- (inserts, removals, or replacements) between the old and new
- password that are enough to accept the new password.
- This defaults to 5 changes.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Simple</term>
- <listitem>
- <para>
- Is the new password too small?
- This is controlled by 6 arguments <option>minlen</option>,
- <option>maxclassrepeat</option>,
- <option>dcredit</option>, <option>ucredit</option>,
- <option>lcredit</option>, and <option>ocredit</option>. See the section
- on the arguments for the details of how these work and there defaults.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Rotated</term>
- <listitem>
- <para>
- Is the new password a rotated version of the old password?
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Same consecutive characters</term>
- <listitem>
- <para>
- Optional check for same consecutive characters.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Too long monotonic character sequence</term>
- <listitem>
- <para>
- Optional check for too long monotonic character sequence.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>Contains user name</term>
- <listitem>
- <para>
- Optional check whether the password contains the user's name
- in some form.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- <para>
- This module with no arguments will work well for standard unix
- password encryption. With md5 encryption, passwords can be longer
- than 8 characters and the default settings for this module can make it
- hard for the user to choose a satisfactory new password. Notably, the
- requirement that the new password contain no more than 1/2 of the
- characters in the old password becomes a non-trivial constraint. For
- example, an old password of the form "the quick brown fox jumped over
- the lazy dogs" would be difficult to change... In addition, the
- default action is to allow passwords as small as 5 characters in
- length. For a md5 systems it can be a good idea to increase the
- required minimum size of a password. One can then allow more credit
- for different kinds of characters but accept that the new password may
- share most of these characters with the old password.
- </para>
-
- </refsect1>
-
- <refsect1 id="pam_cracklib-options">
-
- <title>OPTIONS</title>
- <para>
- <variablelist>
-
- <varlistentry>
- <term>
- <option>debug</option>
- </term>
- <listitem>
- <para>
- This option makes the module write information to
- <citerefentry>
- <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>
- indicating the behavior of the module (this option does
- not write password information to the log file).
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>authtok_type=<replaceable>XXX</replaceable></option>
- </term>
- <listitem>
- <para>
- The default action is for the module to use the
- following prompts when requesting passwords:
- "New UNIX password: " and "Retype UNIX password: ".
- The example word <emphasis>UNIX</emphasis> can
- be replaced with this option, by default it is empty.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>retry=<replaceable>N</replaceable></option>
- </term>
- <listitem>
- <para>
- Prompt user at most <replaceable>N</replaceable> times
- before returning with error. The default is
- <emphasis>1</emphasis>.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>difok=<replaceable>N</replaceable></option>
- </term>
- <listitem>
- <para>
- This argument will change the default of
- <emphasis>5</emphasis> for the number of character
- changes in the new password that differentiate it
- from the old password.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>minlen=<replaceable>N</replaceable></option>
- </term>
- <listitem>
- <para>
- The minimum acceptable size for the new password (plus
- one if credits are not disabled which is the default).
- In addition to the number of characters in the new password,
- credit (of +1 in length) is given for each different kind
- of character (<emphasis>other</emphasis>,
- <emphasis>upper</emphasis>, <emphasis>lower</emphasis> and
- <emphasis>digit</emphasis>). The default for this parameter
- is <emphasis>9</emphasis> which is good for a old style UNIX
- password all of the same type of character but may be too low
- to exploit the added security of a md5 system. Note that
- there is a pair of length limits in
- <emphasis>Cracklib</emphasis> itself, a "way too short" limit
- of 4 which is hard coded in and a defined limit (6) that will
- be checked without reference to <option>minlen</option>.
- If you want to allow passwords as short as 5 characters you
- should not use this module.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>dcredit=<replaceable>N</replaceable></option>
- </term>
- <listitem>
- <para>
- (N &gt;= 0) This is the maximum credit for having digits in
- the new password. If you have less than or
- <replaceable>N</replaceable>
- digits, each digit will count +1 towards meeting the current
- <option>minlen</option> value. The default for
- <option>dcredit</option> is 1 which is the recommended
- value for <option>minlen</option> less than 10.
- </para>
- <para>
- (N &lt; 0) This is the minimum number of digits that must
- be met for a new password.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>ucredit=<replaceable>N</replaceable></option>
- </term>
- <listitem>
- <para>
- (N &gt;= 0) This is the maximum credit for having upper
- case letters in the new password. If you have less than
- or <replaceable>N</replaceable> upper case letters each
- letter will count +1 towards meeting the current
- <option>minlen</option> value. The default for
- <option>ucredit</option> is <emphasis>1</emphasis> which
- is the recommended value for <option>minlen</option> less
- than 10.
- </para>
- <para>
- (N &lt; 0) This is the minimum number of upper
- case letters that must be met for a new password.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>lcredit=<replaceable>N</replaceable></option>
- </term>
- <listitem>
- <para>
- (N &gt;= 0) This is the maximum credit for having
- lower case letters in the new password. If you have
- less than or <replaceable>N</replaceable> lower case
- letters, each letter will count +1 towards meeting the
- current <option>minlen</option> value. The default for
- <option>lcredit</option> is 1 which is the recommended
- value for <option>minlen</option> less than 10.
- </para>
- <para>
- (N &lt; 0) This is the minimum number of lower
- case letters that must be met for a new password.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>ocredit=<replaceable>N</replaceable></option>
- </term>
- <listitem>
- <para>
- (N &gt;= 0) This is the maximum credit for having other
- characters in the new password. If you have less than or
- <replaceable>N</replaceable> other characters, each
- character will count +1 towards meeting the current
- <option>minlen</option> value. The default for
- <option>ocredit</option> is 1 which is the recommended
- value for <option>minlen</option> less than 10.
- </para>
- <para>
- (N &lt; 0) This is the minimum number of other
- characters that must be met for a new password.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>minclass=<replaceable>N</replaceable></option>
- </term>
- <listitem>
- <para>
- The minimum number of required classes of characters for
- the new password. The default number is zero. The four
- classes are digits, upper and lower letters and other
- characters.
- The difference to the <option>credit</option> check is
- that a specific class if of characters is not required.
- Instead <replaceable>N</replaceable> out of four of the
- classes are required.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>maxrepeat=<replaceable>N</replaceable></option>
- </term>
- <listitem>
- <para>
- Reject passwords which contain more than N same consecutive
- characters. The default is 0 which means that this check
- is disabled.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>maxsequence=<replaceable>N</replaceable></option>
- </term>
- <listitem>
- <para>
- Reject passwords which contain monotonic character sequences
- longer than N. The default is 0 which means that this check
- is disabled. Examples of such sequence are '12345' or 'fedcb'.
- Note that most such passwords will not pass the simplicity
- check unless the sequence is only a minor part of the password.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>maxclassrepeat=<replaceable>N</replaceable></option>
- </term>
- <listitem>
- <para>
- Reject passwords which contain more than N consecutive
- characters of the same class. The default is 0 which means
- that this check is disabled.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>reject_username</option>
- </term>
- <listitem>
- <para>
- Check whether the name of the user in straight or reversed
- form is contained in the new password. If it is found the
- new password is rejected.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>gecoscheck</option>
- </term>
- <listitem>
- <para>
- Check whether the words from the GECOS field (usually full name
- of the user) longer than 3 characters in straight or reversed
- form are contained in the new password. If any such word is
- found the new password is rejected.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>enforce_for_root</option>
- </term>
- <listitem>
- <para>
- The module will return error on failed check also if the user
- changing the password is root. This option is off by default
- which means that just the message about the failed check is
- printed but root can change the password anyway.
- Note that root is not asked for an old password so the checks
- that compare the old and new password are not performed.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>use_authtok</option>
- </term>
- <listitem>
- <para>
- This argument is used to <emphasis>force</emphasis> the
- module to not prompt the user for a new password but use
- the one provided by the previously stacked
- <emphasis>password</emphasis> module.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>dictpath=<replaceable>/path/to/dict</replaceable></option>
- </term>
- <listitem>
- <para>
- Path to the cracklib dictionaries.
- </para>
- </listitem>
- </varlistentry>
-
- </variablelist>
- </para>
- </refsect1>
-
- <refsect1 id="pam_cracklib-types">
- <title>MODULE TYPES PROVIDED</title>
- <para>
- Only the <option>password</option> module type is provided.
- </para>
- </refsect1>
-
- <refsect1 id='pam_cracklib-return_values'>
- <title>RETURN VALUES</title>
- <para>
- <variablelist>
-
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The new password passes all checks.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_AUTHTOK_ERR</term>
- <listitem>
- <para>
- No new password was entered,
- the username could not be determined or the new
- password fails the strength checks.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_AUTHTOK_RECOVERY_ERR</term>
- <listitem>
- <para>
- The old password was not supplied by a previous stacked
- module or got not requested from the user.
- The first error can happen if <option>use_authtok</option>
- is specified.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_SERVICE_ERR</term>
- <listitem>
- <para>
- A internal error occurred.
- </para>
- </listitem>
- </varlistentry>
-
- </variablelist>
- </para>
- </refsect1>
-
- <refsect1 id='pam_cracklib-examples'>
- <title>EXAMPLES</title>
- <para>
- For an example of the use of this module, we show how it may be
- stacked with the password component of
- <citerefentry>
- <refentrytitle>pam_unix</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- <programlisting>
-#
-# These lines stack two password type modules. In this example the
-# user is given 3 opportunities to enter a strong password. The
-# "use_authtok" argument ensures that the pam_unix module does not
-# prompt for a password, but instead uses the one provided by
-# pam_cracklib.
-#
-passwd password required pam_cracklib.so retry=3
-passwd password required pam_unix.so use_authtok
- </programlisting>
- </para>
-
- <para>
- Another example (in the <filename>/etc/pam.d/passwd</filename> format)
- is for the case that you want to use md5 password encryption:
- <programlisting>
-#%PAM-1.0
-#
-# These lines allow a md5 systems to support passwords of at least 14
-# bytes with extra credit of 2 for digits and 2 for others the new
-# password must have at least three bytes that are not present in the
-# old password
-#
-password required pam_cracklib.so \
- difok=3 minlen=15 dcredit= 2 ocredit=2
-password required pam_unix.so use_authtok nullok md5
- </programlisting>
- </para>
-
- <para>
- And here is another example in case you don't want to use credits:
- <programlisting>
-#%PAM-1.0
-#
-# These lines require the user to select a password with a minimum
-# length of 8 and with at least 1 digit number, 1 upper case letter,
-# and 1 other character
-#
-password required pam_cracklib.so \
- dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
-password required pam_unix.so use_authtok nullok md5
- </programlisting>
- </para>
-
- </refsect1>
-
- <refsect1 id='pam_cracklib-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_cracklib-author'>
- <title>AUTHOR</title>
- <para>
- pam_cracklib was written by Cristian Gafton &lt;gafton@redhat.com&gt;
- </para>
- </refsect1>
-
-</refentry>
diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c
deleted file mode 100644
index 01291305..00000000
--- a/modules/pam_cracklib/pam_cracklib.c
+++ /dev/null
@@ -1,899 +0,0 @@
-/*
- * pam_cracklib module
- *
- * 0.9. switch to using a distance algorithm in similar()
- * 0.86. added support for setting minimum numbers of digits, uppers,
- * lowers, and others
- * 0.85. added six new options to use this with long passwords.
- * 0.8. tidied output and improved D(()) usage for debugging.
- * 0.7. added support for more obscure checks for new passwd.
- * 0.6. root can reset user passwd to any values (it's only warned)
- * 0.5. supports retries - 'retry=N' argument
- * 0.4. added argument 'type=XXX' for 'New XXX password' prompt
- * 0.3. Added argument 'debug'
- * 0.2. new password is fed to cracklib for verify after typed once
- * 0.1. First release
- *
- * Written by Cristian Gafton <gafton@redhat.com> 1996/09/10
- * Long password support by Philip W. Dalrymple <pwd@mdtsoft.com> 1997/07/18
- * See the end of the file for Copyright Information
- *
- * Modification for long password systems (>8 chars). The original
- * module had problems when used in a md5 password system in that it
- * allowed too short passwords but required that at least half of the
- * bytes in the new password did not appear in the old one. this
- * action is still the default and the changes should not break any
- * current user. This modification adds 6 new options, one to set the
- * number of bytes in the new password that are not in the old one,
- * the other five to control the length checking, these are all
- * documented (or will be before anyone else sees this code) in the PAM
- * S.A.G. in the section on the cracklib module.
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#ifdef HAVE_LIBXCRYPT
-# include <xcrypt.h>
-#elif defined(HAVE_CRYPT_H)
-# include <crypt.h>
-#endif
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <syslog.h>
-#include <stdarg.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <ctype.h>
-#include <limits.h>
-#include <pwd.h>
-#include <security/pam_modutil.h>
-
-#ifdef HAVE_CRACK_H
-#include <crack.h>
-#else
-extern char *FascistCheck(char *pw, const char *dictpath);
-#endif
-
-#ifndef CRACKLIB_DICTS
-#define CRACKLIB_DICTS NULL
-#endif
-
-#ifdef MIN
-#undef MIN
-#endif
-#define MIN(_a, _b) (((_a) < (_b)) ? (_a) : (_b))
-
-#include <security/pam_modules.h>
-#include <security/_pam_macros.h>
-#include <security/pam_ext.h>
-#include "pam_inline.h"
-
-/* argument parsing */
-#define PAM_DEBUG_ARG 0x0001
-
-struct cracklib_options {
- int retry_times;
- int diff_ok;
- int min_length;
- int dig_credit;
- int up_credit;
- int low_credit;
- int oth_credit;
- int min_class;
- int max_repeat;
- int max_sequence;
- int max_class_repeat;
- int reject_user;
- int gecos_check;
- int enforce_for_root;
- const char *cracklib_dictpath;
-};
-
-#define CO_RETRY_TIMES 1
-#define CO_DIFF_OK 5
-#define CO_MIN_LENGTH 9
-# define CO_MIN_LENGTH_BASE 5
-#define CO_DIG_CREDIT 1
-#define CO_UP_CREDIT 1
-#define CO_LOW_CREDIT 1
-#define CO_OTH_CREDIT 1
-#define CO_MIN_WORD_LENGTH 4
-
-static int
-_pam_parse (pam_handle_t *pamh, struct cracklib_options *opt,
- int argc, const char **argv)
-{
- int ctrl=0;
-
- /* step through arguments */
- for (ctrl=0; argc-- > 0; ++argv) {
- const char *str;
- char *ep = NULL;
-
- /* generic options */
-
- if (!strcmp(*argv,"debug"))
- ctrl |= PAM_DEBUG_ARG;
- else if ((str = pam_str_skip_prefix(*argv, "type=")) != NULL)
- pam_set_item (pamh, PAM_AUTHTOK_TYPE, str);
- else if ((str = pam_str_skip_prefix(*argv, "retry=")) != NULL) {
- opt->retry_times = strtol(str, &ep, 10);
- if (!ep || (opt->retry_times < 1))
- opt->retry_times = CO_RETRY_TIMES;
- } else if ((str = pam_str_skip_prefix(*argv, "difok=")) != NULL) {
- opt->diff_ok = strtol(str, &ep, 10);
- if (!ep || (opt->diff_ok < 0))
- opt->diff_ok = CO_DIFF_OK;
- } else if (pam_str_skip_prefix(*argv, "difignore=") != NULL) {
- /* just ignore */
- } else if ((str = pam_str_skip_prefix(*argv, "minlen=")) != NULL) {
- opt->min_length = strtol(str, &ep, 10);
- if (!ep || (opt->min_length < CO_MIN_LENGTH_BASE))
- opt->min_length = CO_MIN_LENGTH_BASE;
- } else if ((str = pam_str_skip_prefix(*argv, "dcredit=")) != NULL) {
- opt->dig_credit = strtol(str, &ep, 10);
- if (!ep)
- opt->dig_credit = 0;
- } else if ((str = pam_str_skip_prefix(*argv, "ucredit=")) != NULL) {
- opt->up_credit = strtol(str, &ep, 10);
- if (!ep)
- opt->up_credit = 0;
- } else if ((str = pam_str_skip_prefix(*argv, "lcredit=")) != NULL) {
- opt->low_credit = strtol(str, &ep, 10);
- if (!ep)
- opt->low_credit = 0;
- } else if ((str = pam_str_skip_prefix(*argv, "ocredit=")) != NULL) {
- opt->oth_credit = strtol(str, &ep, 10);
- if (!ep)
- opt->oth_credit = 0;
- } else if ((str = pam_str_skip_prefix(*argv, "minclass=")) != NULL) {
- opt->min_class = strtol(str, &ep, 10);
- if (!ep)
- opt->min_class = 0;
- if (opt->min_class > 4)
- opt->min_class = 4;
- } else if ((str = pam_str_skip_prefix(*argv, "maxrepeat=")) != NULL) {
- opt->max_repeat = strtol(str, &ep, 10);
- if (!ep)
- opt->max_repeat = 0;
- } else if ((str = pam_str_skip_prefix(*argv, "maxsequence=")) != NULL) {
- opt->max_sequence = strtol(str, &ep, 10);
- if (!ep)
- opt->max_sequence = 0;
- } else if ((str = pam_str_skip_prefix(*argv, "maxclassrepeat=")) != NULL) {
- opt->max_class_repeat = strtol(str, &ep, 10);
- if (!ep)
- opt->max_class_repeat = 0;
- } else if (!strcmp(*argv, "reject_username")) {
- opt->reject_user = 1;
- } else if (!strcmp(*argv, "gecoscheck")) {
- opt->gecos_check = 1;
- } else if (!strcmp(*argv, "enforce_for_root")) {
- opt->enforce_for_root = 1;
- } else if (pam_str_skip_prefix(*argv, "authtok_type=") != NULL) {
- /* for pam_get_authtok, ignore */;
- } else if (!strcmp(*argv, "use_authtok")) {
- /* for pam_get_authtok, ignore */;
- } else if (!strcmp(*argv, "use_first_pass")) {
- /* for pam_get_authtok, ignore */;
- } else if (!strcmp(*argv, "try_first_pass")) {
- /* for pam_get_authtok, ignore */;
- } else if ((str = pam_str_skip_prefix(*argv, "dictpath=")) != NULL) {
- opt->cracklib_dictpath = str;
- if (!*(opt->cracklib_dictpath)) {
- opt->cracklib_dictpath = CRACKLIB_DICTS;
- }
- } else {
- pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv);
- }
- }
-
- return ctrl;
-}
-
-/* Helper functions */
-
-/*
- * can't be a palindrome - like `R A D A R' or `M A D A M'
- */
-static int palindrome(const char *new)
-{
- int i, j;
-
- i = strlen (new);
-
- for (j = 0;j < i;j++)
- if (new[i - j - 1] != new[j])
- return 0;
-
- return 1;
-}
-
-/*
- * Calculate how different two strings are in terms of the number of
- * character removals, additions, and changes needed to go from one to
- * the other
- */
-
-static int distdifferent(const char *old, const char *new,
- size_t i, size_t j)
-{
- char c, d;
-
- if ((i == 0) || (strlen(old) < i)) {
- c = 0;
- } else {
- c = old[i - 1];
- }
- if ((j == 0) || (strlen(new) < j)) {
- d = 0;
- } else {
- d = new[j - 1];
- }
- return (c != d);
-}
-
-static int distcalculate(int **distances, const char *old, const char *new,
- size_t i, size_t j)
-{
- int tmp = 0;
-
- if (distances[i][j] != -1) {
- return distances[i][j];
- }
-
- tmp = distcalculate(distances, old, new, i - 1, j - 1);
- tmp = MIN(tmp, distcalculate(distances, old, new, i, j - 1));
- tmp = MIN(tmp, distcalculate(distances, old, new, i - 1, j));
- tmp += distdifferent(old, new, i, j);
-
- distances[i][j] = tmp;
-
- return tmp;
-}
-
-static int distance(const char *old, const char *new)
-{
- int **distances = NULL;
- size_t m, n, i, j, r;
-
- m = strlen(old);
- n = strlen(new);
- distances = malloc(sizeof(int*) * (m + 1));
-
- for (i = 0; i <= m; i++) {
- distances[i] = malloc(sizeof(int) * (n + 1));
- for(j = 0; j <= n; j++) {
- distances[i][j] = -1;
- }
- }
- for (i = 0; i <= m; i++) {
- distances[i][0] = i;
- }
- for (j = 0; j <= n; j++) {
- distances[0][j] = j;
- }
- distances[0][0] = 0;
-
- r = distcalculate(distances, old, new, m, n);
-
- for (i = 0; i <= m; i++) {
- memset(distances[i], 0, sizeof(int) * (n + 1));
- free(distances[i]);
- }
- free(distances);
-
- return r;
-}
-
-static int similar(struct cracklib_options *opt,
- const char *old, const char *new)
-{
- if (distance(old, new) >= opt->diff_ok) {
- return 0;
- }
-
- if (strlen(new) >= (strlen(old) * 2)) {
- return 0;
- }
-
- /* passwords are too similar */
- return 1;
-}
-
-/*
- * enough classes of characters
- */
-
-static int minclass (struct cracklib_options *opt,
- const char *new)
-{
- int digits = 0;
- int uppers = 0;
- int lowers = 0;
- int others = 0;
- int total_class;
- int i;
- int retval;
-
- D(( "called" ));
- for (i = 0; new[i]; i++)
- {
- if (isdigit (new[i]))
- digits = 1;
- else if (isupper (new[i]))
- uppers = 1;
- else if (islower (new[i]))
- lowers = 1;
- else
- others = 1;
- }
-
- total_class = digits + uppers + lowers + others;
-
- D (("total class: %d\tmin_class: %d", total_class, opt->min_class));
-
- if (total_class >= opt->min_class)
- retval = 0;
- else
- retval = 1;
-
- return retval;
-}
-
-
-/*
- * a nice mix of characters.
- */
-static int simple(struct cracklib_options *opt, const char *new)
-{
- int digits = 0;
- int uppers = 0;
- int lowers = 0;
- int others = 0;
- int size;
- int i;
- enum { NONE, DIGIT, UCASE, LCASE, OTHER } prevclass = NONE;
- int sameclass = 0;
-
- for (i = 0;new[i];i++) {
- if (isdigit (new[i])) {
- digits++;
- if (prevclass != DIGIT) {
- prevclass = DIGIT;
- sameclass = 1;
- } else
- sameclass++;
- }
- else if (isupper (new[i])) {
- uppers++;
- if (prevclass != UCASE) {
- prevclass = UCASE;
- sameclass = 1;
- } else
- sameclass++;
- }
- else if (islower (new[i])) {
- lowers++;
- if (prevclass != LCASE) {
- prevclass = LCASE;
- sameclass = 1;
- } else
- sameclass++;
- }
- else {
- others++;
- if (prevclass != OTHER) {
- prevclass = OTHER;
- sameclass = 1;
- } else
- sameclass++;
- }
- if (opt->max_class_repeat > 0 && sameclass > opt->max_class_repeat) {
- return 1;
- }
- }
-
- /*
- * The scam was this - a password of only one character type
- * must be 8 letters long. Two types, 7, and so on.
- * This is now changed, the base size and the credits or defaults
- * see the docs on the module for info on these parameters, the
- * defaults cause the effect to be the same as before the change
- */
-
- if ((opt->dig_credit >= 0) && (digits > opt->dig_credit))
- digits = opt->dig_credit;
-
- if ((opt->up_credit >= 0) && (uppers > opt->up_credit))
- uppers = opt->up_credit;
-
- if ((opt->low_credit >= 0) && (lowers > opt->low_credit))
- lowers = opt->low_credit;
-
- if ((opt->oth_credit >= 0) && (others > opt->oth_credit))
- others = opt->oth_credit;
-
- size = opt->min_length;
-
- if (opt->dig_credit >= 0)
- size -= digits;
- else if (digits < opt->dig_credit * -1)
- return 1;
-
- if (opt->up_credit >= 0)
- size -= uppers;
- else if (uppers < opt->up_credit * -1)
- return 1;
-
- if (opt->low_credit >= 0)
- size -= lowers;
- else if (lowers < opt->low_credit * -1)
- return 1;
-
- if (opt->oth_credit >= 0)
- size -= others;
- else if (others < opt->oth_credit * -1)
- return 1;
-
- if (size <= i)
- return 0;
-
- return 1;
-}
-
-static int consecutive(struct cracklib_options *opt, const char *new)
-{
- char c;
- int i;
- int same;
-
- if (opt->max_repeat == 0)
- return 0;
-
- for (i = 0; new[i]; i++) {
- if (i > 0 && new[i] == c) {
- ++same;
- if (same > opt->max_repeat)
- return 1;
- } else {
- c = new[i];
- same = 1;
- }
- }
- return 0;
-}
-
-static int sequence(struct cracklib_options *opt, const char *new)
-{
- char c;
- int i;
- int sequp = 1;
- int seqdown = 1;
-
- if (opt->max_sequence == 0)
- return 0;
-
- if (new[0] == '\0')
- return 0;
-
- for (i = 1; new[i]; i++) {
- c = new[i-1];
- if (new[i] == c+1) {
- ++sequp;
- if (sequp > opt->max_sequence)
- return 1;
- seqdown = 1;
- } else if (new[i] == c-1) {
- ++seqdown;
- if (seqdown > opt->max_sequence)
- return 1;
- sequp = 1;
- } else {
- sequp = 1;
- seqdown = 1;
- }
- }
- return 0;
-}
-
-static int wordcheck(const char *new, char *word)
-{
- char *f, *b;
-
- if (strstr(new, word) != NULL)
- return 1;
-
- /* now reverse the word, we can do that in place
- as it is strdup-ed */
- f = word;
- b = word+strlen(word)-1;
- while (f < b) {
- char c;
-
- c = *f;
- *f = *b;
- *b = c;
- --b;
- ++f;
- }
-
- if (strstr(new, word) != NULL)
- return 1;
- return 0;
-}
-
-static int usercheck(struct cracklib_options *opt, const char *new,
- char *user)
-{
- if (!opt->reject_user)
- return 0;
-
- return wordcheck(new, user);
-}
-
-static char * str_lower(char *string)
-{
- char *cp;
-
- if (!string)
- return NULL;
-
- for (cp = string; *cp; cp++)
- *cp = tolower(*cp);
- return string;
-}
-
-static int gecoscheck(pam_handle_t *pamh, struct cracklib_options *opt, const char *new,
- const char *user)
-{
- struct passwd *pwd;
- char *list;
- char *p;
- char *next;
-
- if (!opt->gecos_check)
- return 0;
-
- if ((pwd = pam_modutil_getpwnam(pamh, user)) == NULL) {
- return 0;
- }
-
- list = strdup(pwd->pw_gecos);
-
- if (list == NULL || *list == '\0') {
- free(list);
- return 0;
- }
-
- for (p = list;;p = next + 1) {
- next = strchr(p, ' ');
- if (next)
- *next = '\0';
-
- if (strlen(p) >= CO_MIN_WORD_LENGTH) {
- str_lower(p);
- if (wordcheck(new, p)) {
- free(list);
- return 1;
- }
- }
-
- if (!next)
- break;
- }
-
- free(list);
- return 0;
-}
-
-static const char *password_check(pam_handle_t *pamh, struct cracklib_options *opt,
- const char *old, const char *new,
- const char *user)
-{
- const char *msg = NULL;
- char *oldmono = NULL, *newmono, *wrapped = NULL;
- char *usermono = NULL;
-
- if (old && strcmp(new, old) == 0) {
- msg = _("is the same as the old one");
- return msg;
- }
-
- newmono = str_lower(strdup(new));
- if (!newmono)
- msg = _("memory allocation error");
-
- usermono = str_lower(strdup(user));
- if (!usermono)
- msg = _("memory allocation error");
-
- if (!msg && old) {
- oldmono = str_lower(strdup(old));
- if (oldmono)
- wrapped = malloc(strlen(oldmono) * 2 + 1);
- if (wrapped) {
- strcpy (wrapped, oldmono);
- strcat (wrapped, oldmono);
- } else {
- msg = _("memory allocation error");
- }
- }
-
- if (!msg && palindrome(newmono))
- msg = _("is a palindrome");
-
- if (!msg && oldmono && strcmp(oldmono, newmono) == 0)
- msg = _("case changes only");
-
- if (!msg && oldmono && similar(opt, oldmono, newmono))
- msg = _("is too similar to the old one");
-
- if (!msg && simple(opt, new))
- msg = _("is too simple");
-
- if (!msg && wrapped && strstr(wrapped, newmono))
- msg = _("is rotated");
-
- if (!msg && minclass (opt, new))
- msg = _("not enough character classes");
-
- if (!msg && consecutive(opt, new))
- msg = _("contains too many same characters consecutively");
-
- if (!msg && sequence(opt, new))
- msg = _("contains too long of a monotonic character sequence");
-
- if (!msg && (usercheck(opt, newmono, usermono) || gecoscheck(pamh, opt, newmono, user)))
- msg = _("contains the user name in some form");
-
- free(usermono);
- if (newmono) {
- memset(newmono, 0, strlen(newmono));
- free(newmono);
- }
- if (oldmono) {
- memset(oldmono, 0, strlen(oldmono));
- free(oldmono);
- }
- if (wrapped) {
- memset(wrapped, 0, strlen(wrapped));
- free(wrapped);
- }
-
- return msg;
-}
-
-
-static int _pam_unix_approve_pass(pam_handle_t *pamh,
- unsigned int ctrl,
- struct cracklib_options *opt,
- const char *pass_old,
- const char *pass_new)
-{
- const char *msg = NULL;
- const char *user;
- int retval;
-
- if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) {
- if (ctrl & PAM_DEBUG_ARG)
- pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
- pam_error(pamh, "%s", pass_new == NULL ?
- _("No password has been supplied.") :
- _("The password has not been changed."));
- return PAM_AUTHTOK_ERR;
- }
-
- retval = pam_get_user(pamh, &user, NULL);
- if (retval != PAM_SUCCESS) {
- if (ctrl & PAM_DEBUG_ARG)
- pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
- pam_strerror(pamh, retval));
- return PAM_AUTHTOK_ERR;
- }
- /*
- * if one wanted to hardwire authentication token strength
- * checking this would be the place
- */
- msg = password_check(pamh, opt, pass_old, pass_new, user);
-
- if (msg) {
- if (ctrl & PAM_DEBUG_ARG)
- pam_syslog(pamh, LOG_NOTICE,
- "new passwd fails strength check: %s", msg);
- pam_error(pamh, _("BAD PASSWORD: %s"), msg);
- return PAM_AUTHTOK_ERR;
- };
- return PAM_SUCCESS;
-
-}
-
-/* The Main Thing (by Cristian Gafton, CEO at this module :-)
- * (stolen from http://home.netscape.com)
- */
-int
-pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
- unsigned int ctrl;
- struct cracklib_options options;
-
- D(("called."));
-
- memset(&options, 0, sizeof(options));
- options.retry_times = CO_RETRY_TIMES;
- options.diff_ok = CO_DIFF_OK;
- options.min_length = CO_MIN_LENGTH;
- options.dig_credit = CO_DIG_CREDIT;
- options.up_credit = CO_UP_CREDIT;
- options.low_credit = CO_LOW_CREDIT;
- options.oth_credit = CO_OTH_CREDIT;
- options.cracklib_dictpath = CRACKLIB_DICTS;
-
- ctrl = _pam_parse(pamh, &options, argc, argv);
-
- if (flags & PAM_PRELIM_CHECK) {
- /* Check for passwd dictionary */
- /* We cannot do that, since the original path is compiled
- into the cracklib library and we don't know it. */
- return PAM_SUCCESS;
- } else if (flags & PAM_UPDATE_AUTHTOK) {
- int retval;
- const void *oldtoken;
- int tries;
-
- D(("do update"));
-
-
- retval = pam_get_item (pamh, PAM_OLDAUTHTOK, &oldtoken);
- if (retval != PAM_SUCCESS) {
- if (ctrl & PAM_DEBUG_ARG)
- pam_syslog(pamh,LOG_ERR,"Can not get old passwd");
- oldtoken = NULL;
- }
-
- tries = 0;
- while (tries < options.retry_times) {
- const char *crack_msg;
- const char *newtoken = NULL;
-
-
- tries++;
-
- /* Planned modus operandi:
- * Get a passwd.
- * Verify it against cracklib.
- * If okay get it a second time.
- * Check to be the same with the first one.
- * set PAM_AUTHTOK and return
- */
-
- retval = pam_get_authtok_noverify (pamh, &newtoken, NULL);
- if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s",
- pam_strerror (pamh, retval));
- continue;
- } else if (newtoken == NULL) { /* user aborted password change, quit */
- return PAM_AUTHTOK_ERR;
- }
-
- D(("testing password"));
- /* now test this passwd against cracklib */
-
- D(("against cracklib"));
- if ((crack_msg = FascistCheck (newtoken, options.cracklib_dictpath))) {
- if (ctrl & PAM_DEBUG_ARG)
- pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg);
- pam_error (pamh, _("BAD PASSWORD: %s"), crack_msg);
- if (getuid() || options.enforce_for_root || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
- {
- pam_set_item (pamh, PAM_AUTHTOK, NULL);
- retval = PAM_AUTHTOK_ERR;
- continue;
- }
- }
-
- /* check it for strength too... */
- D(("for strength"));
- retval = _pam_unix_approve_pass (pamh, ctrl, &options,
- oldtoken, newtoken);
- if (retval != PAM_SUCCESS) {
- if (getuid() || options.enforce_for_root || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
- {
- pam_set_item(pamh, PAM_AUTHTOK, NULL);
- retval = PAM_AUTHTOK_ERR;
- continue;
- }
- }
-
- retval = pam_get_authtok_verify (pamh, &newtoken, NULL);
- if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s",
- pam_strerror (pamh, retval));
- pam_set_item(pamh, PAM_AUTHTOK, NULL);
- continue;
- } else if (newtoken == NULL) { /* user aborted password change, quit */
- return PAM_AUTHTOK_ERR;
- }
-
- return PAM_SUCCESS;
- }
-
- D(("returning because maxtries reached"));
-
- pam_set_item (pamh, PAM_AUTHTOK, NULL);
-
- /* if we have only one try, we can use the real reason,
- else say that there were too many tries. */
- if (options.retry_times > 1)
- return PAM_MAXTRIES;
- else
- return retval;
-
- } else {
- if (ctrl & PAM_DEBUG_ARG)
- pam_syslog(pamh, LOG_NOTICE, "UNKNOWN flags setting %02X",flags);
- return PAM_SERVICE_ERR;
- }
-
- /* Not reached */
- return PAM_SERVICE_ERR;
-}
-
-
-
-/*
- * Copyright (c) Cristian Gafton <gafton@redhat.com>, 1996.
- * All rights reserved
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * The following copyright was appended for the long password support
- * added with the libpam 0.58 release:
- *
- * Modificaton Copyright (c) Philip W. Dalrymple III <pwd@mdtsoft.com>
- * 1997. All rights reserved
- *
- * THE MODIFICATION THAT PROVIDES SUPPORT FOR LONG PASSWORD TYPE CHECKING TO
- * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
diff --git a/modules/pam_cracklib/tst-pam_cracklib b/modules/pam_cracklib/tst-pam_cracklib
deleted file mode 100755
index 46a7060d..00000000
--- a/modules/pam_cracklib/tst-pam_cracklib
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-../../tests/tst-dlopen .libs/pam_cracklib.so
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-30 22:14:30 +0000