author | davidn <davidn@FreeBSD.org> | 1997-02-10 15:42:12 +0000 |
---|---|---|
committer | davidn <davidn@FreeBSD.org> | 1997-02-10 15:42:12 +0000 |
commit | eb7d367862858f9cd3d5934cb6c38dc8041dd611 (patch) | |
tree | f70af2132d998d4ccf935cef955449089728b087 /usr.bin/passwd | |
parent | 9da4914e7208d91779eee2ef21fdac380b51afee (diff) | |
Adds login class support for local & nis passwords:
- minpasswordlen=n override minimum password length for class.
- passwordperiod=n[smhdwy] auto-set next password change date.
Diffstat (limited to 'usr.bin/passwd')
-rw-r--r-- | usr.bin/passwd/Makefile | 17 | ||||
-rw-r--r-- | usr.bin/passwd/local_passwd.c | 46 | ||||
-rw-r--r-- | usr.bin/passwd/passwd.1 | 13 |
3 files changed, 60 insertions, 16 deletions
diff --git a/usr.bin/passwd/Makefile b/usr.bin/passwd/Makefile
index 4f72ca1..89a3a0c 100644
--- a/usr.bin/passwd/Makefile
+++ b/usr.bin/passwd/Makefile
@@ -5,15 +5,18 @@ PROG= passwd
 SRCS= local_passwd.c yppasswd_private_xdr.c yppasswd_comm.c yp_passwd.c \
 passwd.c pw_copy.c pw_util.c pw_yp.c
-DPADD= ${LIBCRYPT} ${LIBRPCSVC}
-LDADD= -lcrypt -lrpcsvc
+DPADD= ${LIBCRYPT} ${LIBRPCSVC} ${LIBUTIL}
+LDADD= -lcrypt -lrpcsvc -lutil
 .PATH: ${.CURDIR}/../../usr.bin/chpass ${.CURDIR}/../../usr.sbin/vipw \
 ${.CURDIR}/../rlogin ${.CURDIR}/../../libexec/ypxfr \
 ${.CURDIR}/../../usr.sbin/rpc.yppasswdd
-CFLAGS+= -DCRYPT -DYP -I. -I${.CURDIR} -I${.CURDIR}/../../usr.sbin/vipw \
- -I${.CURDIR}/../../usr.bin/chpass -I${.CURDIR}/../../libexec/ypxfr \
- -I${.CURDIR}/../../usr.sbin/rpc.yppasswdd -Dyp_error=warnx -DLOGGING
+CFLAGS+= -DLOGIN_CAP -DCRYPT -DYP -I. -I${.CURDIR} \
+ -I${.CURDIR}/../../usr.sbin/vipw \
+ -I${.CURDIR}/../../usr.bin/chpass \
+ -I${.CURDIR}/../../libexec/ypxfr \
+ -I${.CURDIR}/../../usr.sbin/rpc.yppasswdd \
+ -Dyp_error=warnx -DLOGGING
 SRCS+= ypxfr_misc.c yp_clnt.c yppasswd_clnt.c
@@ -59,8 +62,8 @@ CFLAGS+= -DKERBEROS \
 -I${.CURDIR}/../../eBones/include \
 -I${.CURDIR}/../../eBones/lib/libkadm
 # XXX not defined: ${LIBKADM}, ${LIBCOM_ERR}
-DPADD= ${LIBKADM} ${LIBKRB} ${LIBDES} ${LIBCRYPT} ${LIBRPCSVC} ${LIBCOM_ERR}
-LDADD= -lkadm -lkrb -ldes -lcrypt -lrpcsvc -lcom_err
+DPADD= ${LIBKADM} ${LIBKRB} ${LIBDES} ${LIBCRYPT} ${LIBRPCSVC} ${LIBCOM_ERR} ${LIBUTIL}
+LDADD= -lkadm -lkrb -ldes -lcrypt -lrpcsvc -lcom_err -lutil
 DISTRIBUTION= krb
 .endif
diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c
index 04b552f..48faf02 100644
--- a/usr.bin/passwd/local_passwd.c
+++ b/usr.bin/passwd/local_passwd.c
@@ -60,6 +60,13 @@ static const char sccsid[] = "@(#)local_passwd.c 8.3 (Berkeley) 4/2/94";
 #include <syslog.h>
 #endif
+#ifdef LOGIN_CAP
+#ifdef AUTH_NONE /* multiple defs :-( */
+#undef AUTH_NONE
+#endif
+#include <login_cap.h>
+#endif
+
 #include "extern.h"
 static uid_t uid;
@@ -86,8 +93,11 @@ getnewpasswd(pw, nis)
 struct passwd *pw;
 int nis;
 {
- int tries;
+ int tries, min_length = 6;
 char *p, *t;
+#ifdef LOGIN_CAP
+ login_cap_t * lc;
+#endif
 char buf[_PASSWORD_LEN+1], salt[10];
 struct timeval tv;
@@ -101,14 +111,34 @@ getnewpasswd(pw, nis)
 pw_error(NULL, 1, 1);
 }
+#ifdef LOGIN_CAP
+ /*
+ * Determine minimum password length and next password change date.
+ * Note that even for NIS passwords, login_cap is still used.
+ */
+ if ((lc = login_getclass(pw)) != NULL) {
+ time_t period;
+
+ /* minpasswordlen capablity */
+ min_length = (int)login_getcapnum(lc, "minpasswordlen",
+ min_length, min_length);
+ /* passwordperiod capability */
+ period = login_getcaptime(lc, "passwordperiod", 0, 0);
+ if (period > (time_t)0) {
+ pw->pw_change = time(NULL) + period;
+ }
+ login_close(lc);
+ }
+#endif
+
 for (buf[0] = '\0', tries = 0;;) {
 p = getpass("New password:");
 if (!*p) {
 (void)printf("Password unchanged.\n");
 pw_error(NULL, 0, 0);
 }
- if (strlen(p) <= 5 && (uid != 0 || ++tries < 2)) {
- (void)printf("Please enter a longer password.\n");
+ if (strlen(p) < min_length && (uid != 0 || ++tries < 2)) {
+ (void)printf("Please enter a password at least %d characters in length.\n", min_length);
 continue;
 }
 for (t = p; *t && islower(*t); ++t);
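Review bot: The `#undef AUTH_NONE` ahead of `#include <login_cap.h>` hides a macro collision instead of resolving it. Whichever header defined AUTH_NONE earlier is not visible in this hunk (presumably one of the RPC headers pulled in for YP), and from this point on the file sees only login_cap's value, so any later use that expected the earlier meaning would change silently. The comment `/* multiple defs :-( */` should name both colliding headers and state that nothing below the include relies on the earlier definition.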
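Review bot: The `minpasswordlen` value is used with no range check, both where it is read in the `#ifdef LOGIN_CAP` block and in the new test `strlen(p) < min_length`. The result of login_getcapnum() is narrowed with `(int)`, and the comparison converts `min_length` to an unsigned type, so a negative or truncated value makes the test true for every password: non-root users could never pass it, while root still gets through on the second attempt. A class entry can also lower the minimum below the previous floor of six, or raise it to a length that the `_PASSWORD_LEN` buffer cannot hold. I would clamp directly after the lookup, for example `if (min_length < 6 || min_length > _PASSWORD_LEN) min_length = 6;` (the lower bound is a policy decision), and write the test as `strlen(p) < (size_t)min_length`. getnewpasswd's body begins and ends outside this hunk.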
@@ -172,12 +202,14 @@ local_passwd(uname) tfd = pw_tmp(); /* - * Get the new password. Reset passwd change time to zero; when - * classes are implemented, go and get the "offset" value for this - * class and reset the timer. + * Get the new password. Reset passwd change time to zero by + * default. If the user has a valid login class (or the default + * fallback exists), then the next password change date is set + * by getnewpasswd() according to the "passwordperiod" capability + * if one has been specified. */ - pw->pw_passwd = getnewpasswd(pw, 0); pw->pw_change = 0; + pw->pw_passwd = getnewpasswd(pw, 0); pw_copy(pfd, tfd, pw); if (!pw_mkdb(uname)) diff --git a/usr.bin/passwd/passwd.1 b/usr.bin/passwd/passwd.1 index 1451416..a595bfa 100644 --- a/usr.bin/passwd/passwd.1 +++ b/usr.bin/passwd/passwd.1 @@ -55,8 +55,10 @@ If the current password is correctly typed, a new password is requested. The new password must be entered twice to avoid typing errors. .Pp -The new password should be at least six characters long and not -purely alphabetic. +The new password should be at least six characters long (which +may be overridden using the +.Xr login.cap 5 +"minpasswordlen" setting for a user's login class) and not purely alphabetic. Its total length must be less than .Dv _PASSWORD_LEN (currently 128 characters). @@ -74,7 +76,11 @@ password file, and not with the Kerberos database. When changing only the local password, .Xr pwd_mkdb 8 is used to update the password databases. +.Pp .El +When changing local or NIS password, the next password change date +is set according to "passwordperiod" capability in the user's +login class. .Pp To change another user's Kerberos password, one must first run 
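Review bot: Moving `pw->pw_change = 0;` above the call makes the result depend on statement order, because getnewpasswd() writes `pw->pw_change` only when `passwordperiod` is positive and otherwise leaves whatever the caller put there. The NIS caller of getnewpasswd() is not part of this diff, so it cannot be confirmed here that it resets the field first; if it does not, a stale change date would survive a password change for a class with no `passwordperiod`. Doing the reset inside getnewpasswd(), with `pw->pw_change = 0;` just before the login class lookup, would remove the ordering requirement for every caller. local_passwd's body continues outside the hunk.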
@@ -174,12 +180,15 @@ The user database
 A Version 7 format password file
 .It Pa /etc/passwd.XXXXXX
 Temporary copy of the password file
+.It Pa /etc/login.conf
+Login class capabilities database
 .El
 .Sh SEE ALSO
 .Xr chpass 1 ,
 .Xr kerberos 1 ,
 .Xr kinit 1 ,
 .Xr login 1 ,
+.Xr login.conf 5 ,
 .Xr passwd 5 ,
 .Xr kpasswdd 8 ,
 .Xr pwd_mkdb 8 , |