Adds login class support for local & nis passwords:

- minpasswordlen=n         override minimum password length for class.
    - passwordperiod=n[smhdwy] auto-set next password change date.
This commit is contained in:
David Nugent 1997-02-10 15:42:12 +00:00
parent f607e2c314
commit 720cdec3f6
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=22536
3 changed files with 60 additions and 16 deletions

View file

@ -5,15 +5,18 @@ PROG= passwd
SRCS= local_passwd.c yppasswd_private_xdr.c yppasswd_comm.c yp_passwd.c \
passwd.c pw_copy.c pw_util.c pw_yp.c
DPADD= ${LIBCRYPT} ${LIBRPCSVC}
LDADD= -lcrypt -lrpcsvc
DPADD= ${LIBCRYPT} ${LIBRPCSVC} ${LIBUTIL}
LDADD= -lcrypt -lrpcsvc -lutil
.PATH: ${.CURDIR}/../../usr.bin/chpass ${.CURDIR}/../../usr.sbin/vipw \
${.CURDIR}/../rlogin ${.CURDIR}/../../libexec/ypxfr \
${.CURDIR}/../../usr.sbin/rpc.yppasswdd
CFLAGS+= -DCRYPT -DYP -I. -I${.CURDIR} -I${.CURDIR}/../../usr.sbin/vipw \
-I${.CURDIR}/../../usr.bin/chpass -I${.CURDIR}/../../libexec/ypxfr \
-I${.CURDIR}/../../usr.sbin/rpc.yppasswdd -Dyp_error=warnx -DLOGGING
CFLAGS+= -DLOGIN_CAP -DCRYPT -DYP -I. -I${.CURDIR} \
-I${.CURDIR}/../../usr.sbin/vipw \
-I${.CURDIR}/../../usr.bin/chpass \
-I${.CURDIR}/../../libexec/ypxfr \
-I${.CURDIR}/../../usr.sbin/rpc.yppasswdd \
-Dyp_error=warnx -DLOGGING
SRCS+= ypxfr_misc.c yp_clnt.c yppasswd_clnt.c
@ -59,8 +62,8 @@ CFLAGS+= -DKERBEROS \
-I${.CURDIR}/../../eBones/include \
-I${.CURDIR}/../../eBones/lib/libkadm
# XXX not defined: ${LIBKADM}, ${LIBCOM_ERR}
DPADD= ${LIBKADM} ${LIBKRB} ${LIBDES} ${LIBCRYPT} ${LIBRPCSVC} ${LIBCOM_ERR}
LDADD= -lkadm -lkrb -ldes -lcrypt -lrpcsvc -lcom_err
DPADD= ${LIBKADM} ${LIBKRB} ${LIBDES} ${LIBCRYPT} ${LIBRPCSVC} ${LIBCOM_ERR} ${LIBUTIL}
LDADD= -lkadm -lkrb -ldes -lcrypt -lrpcsvc -lcom_err -lutil
DISTRIBUTION= krb
.endif

View file

@ -60,6 +60,13 @@ static const char sccsid[] = "@(#)local_passwd.c 8.3 (Berkeley) 4/2/94";
#include <syslog.h>
#endif
#ifdef LOGIN_CAP
#ifdef AUTH_NONE /* multiple defs :-( */
#undef AUTH_NONE
#endif
#include <login_cap.h>
#endif
#include "extern.h"
static uid_t uid;
@ -86,8 +93,11 @@ getnewpasswd(pw, nis)
struct passwd *pw;
int nis;
{
int tries;
int tries, min_length = 6;
char *p, *t;
#ifdef LOGIN_CAP
login_cap_t * lc;
#endif
char buf[_PASSWORD_LEN+1], salt[10];
struct timeval tv;
@ -101,14 +111,34 @@ getnewpasswd(pw, nis)
pw_error(NULL, 1, 1);
}
#ifdef LOGIN_CAP
/*
* Determine minimum password length and next password change date.
* Note that even for NIS passwords, login_cap is still used.
*/
if ((lc = login_getclass(pw)) != NULL) {
time_t period;
/* minpasswordlen capablity */
min_length = (int)login_getcapnum(lc, "minpasswordlen",
min_length, min_length);
/* passwordperiod capability */
period = login_getcaptime(lc, "passwordperiod", 0, 0);
if (period > (time_t)0) {
pw->pw_change = time(NULL) + period;
}
login_close(lc);
}
#endif
for (buf[0] = '\0', tries = 0;;) {
p = getpass("New password:");
if (!*p) {
(void)printf("Password unchanged.\n");
pw_error(NULL, 0, 0);
}
if (strlen(p) <= 5 && (uid != 0 || ++tries < 2)) {
(void)printf("Please enter a longer password.\n");
if (strlen(p) < min_length && (uid != 0 || ++tries < 2)) {
(void)printf("Please enter a password at least %d characters in length.\n", min_length);
continue;
}
for (t = p; *t && islower(*t); ++t);
@ -172,12 +202,14 @@ local_passwd(uname)
tfd = pw_tmp();
/*
* Get the new password. Reset passwd change time to zero; when
* classes are implemented, go and get the "offset" value for this
* class and reset the timer.
* Get the new password. Reset passwd change time to zero by
* default. If the user has a valid login class (or the default
* fallback exists), then the next password change date is set
* by getnewpasswd() according to the "passwordperiod" capability
* if one has been specified.
*/
pw->pw_passwd = getnewpasswd(pw, 0);
pw->pw_change = 0;
pw->pw_passwd = getnewpasswd(pw, 0);
pw_copy(pfd, tfd, pw);
if (!pw_mkdb(uname))

View file

@ -55,8 +55,10 @@ If the current password is correctly typed, a new password is
requested.
The new password must be entered twice to avoid typing errors.
.Pp
The new password should be at least six characters long and not
purely alphabetic.
The new password should be at least six characters long (which
may be overridden using the
.Xr login.cap 5
"minpasswordlen" setting for a user's login class) and not purely alphabetic.
Its total length must be less than
.Dv _PASSWORD_LEN
(currently 128 characters).
@ -74,7 +76,11 @@ password file, and not with the Kerberos database.
When changing only the local password,
.Xr pwd_mkdb 8
is used to update the password databases.
.Pp
.El
When changing local or NIS password, the next password change date
is set according to "passwordperiod" capability in the user's
login class.
.Pp
To change another user's Kerberos password, one must first
run
@ -174,12 +180,15 @@ The user database
A Version 7 format password file
.It Pa /etc/passwd.XXXXXX
Temporary copy of the password file
.It Pa /etc/login.conf
Login class capabilities database
.El
.Sh SEE ALSO
.Xr chpass 1 ,
.Xr kerberos 1 ,
.Xr kinit 1 ,
.Xr login 1 ,
.Xr login.conf 5 ,
.Xr passwd 5 ,
.Xr kpasswdd 8 ,
.Xr pwd_mkdb 8 ,