Kerberos 5 Library (libkadm5srv, -lkadm5srv)
kadm5_setup_passwd_quality_check(krb5_context context, const char *check_library, const char *check_function);
kadm5_add_passwd_quality_verifier(krb5_context context, const char *check_library);
const char *
kadm5_check_password_quality(krb5_context context, krb5_principal principal, krb5_data *pwd_data);
(*kadm5_passwd_quality_check_func)(krb5_context context, krb5_principal principal, krb5_data *password, const char *tuning, char *message, size_t length);
These functions perform the quality check for the heimdal database library.
There are two versions of the shared object API; the old version (0) is deprecated, but still supported. The new version (1) supports multiple password quality checking policies in the same shared object. See below for details.
The password quality checker will run all policies that are configured by the user. If any policy rejects the password, the password will be rejected.
Policy names are of the form ‘
module-name:policy-name’ or, if the the policy name is unique enough, just ‘
Running the Checks
kadm5_setup_passwd_quality_check sets up type 0 checks. It sets up all type 0 checks defined in krb5.conf(5) if called with the last two arguments null.
kadm5_add_passwd_quality_verifier sets up type 1 checks. It sets up all type 1 tests defined in krb5.conf(5) if called with a null second argument. kadm5_check_password_quality runs the checks in the order in which they are defined in krb5.conf(5) and the order in which they occur in a module's funcs array until one returns non-zero.
libtool(1), krb5(3), krb5.conf(5)
The man pages kadm5_add_passwd_quality_verifier(3), kadm5_check_password_quality(3), kadm5_pwcheck(3) and kadm5_setup_passwd_quality_check(3) are aliases of krb5_pwcheck(3).