smp_try_pw(S)
smp_try_pw --
check user password syntax and guessability
Syntax
cc . . . -lprot
#include <sys/types.h>
#include <prot.h>
int smp_try_pw(password, userp, pwtriesp, reasonp)
char *password;
struct smp_user_info *userp;
int *pwtriesp;
char **reasonp;
Description
smp_try_pw runs syntax and guessability checks on
a user-supplied password. The routine applies whatever
guessability checks are in effect for the system and user
to validate the password supplied as password.
If
goodpw(ADM)
is configured, this routine will open a pipe to it on the
first call, and continue with the same goodpw
dialogue on subsequent calls.
usrp points to an smp_user_info
structure which has been created by a previous call to
smp_check_user.
If the password is rejected the number of retries
remaining, pointed to by pwtriesp, is
decremented. The value should be initialised by the
previous call to smp_check_user.
reasonp is used with certain return values to
store a descriptive message.
Note that password is not overwritten by this
routine, as it will be needed for a subsequent call to
smp_set_pw(S).
Return values
Note that this routine also stores its return value for
later use in auditing of failures.
SMP_GOODPW-
The password passed the checks in force.
SMP_BADPW-
The password failed the checks in force.
SMP_EXTFAIL-
External failure - authentication information was not
available. reasonp points to a character string
explaining the cause of the error.
Diagnostics
All diagnostics are returned as strings pointed to by the
argument reasonp. It is up to the calling
program to display these for the user. In each case the
return value is also noted.
You are not permitted to set a null password
-
The u_nullpw flag is set for the account in the
protected password database, so a non-null password must be
specified for the account.
You may not re-use the same password
-
password matches the existing password entry.
SMP_BADPW is returned.
Too short (must be at least
n characters)
-
password is shorter then the minimum length calculated by the system
based on a combination of the delay between login attempts, the password
lifetime and the ascii character set.
SMP_BADPW is returned.
Password is too easy to guess
-
password has been checked using
acceptable_password(S)
and is too easy to guess.
SMP_BADPW is returned.
Rejected by goodpw checks
-
password failed the goodpw checks.
SMP_BADPW is returned.
Cannot be circular shift of login name
-
password is a shift of the letters of the login name.
SMP_BADPW is returned.
Must contain at least two alphabetic and one numeric or special characters
-
password does not contain at least two alphabetic characters
and at least one numeric or special character.
SMP_BADPW is returned.
Passwords must differ by at least 3 positions
-
password is identical to the old password except for one or two
characters.
SMP_BADPW is returned.
Files
/lib/libprot.a-
security subsystem library routines
/usr/lib/libp/libprot.a-
as above but used for profiling
/usr/include/prot.h-
defines the smp_user_info structure
/etc/auth/system/authorize-
subsystem authorizations, see
authorize(F)
/etc/auth/subsystems/dflt_users-
authorization default users, see
authcap(F)
/etc/auth/system/default-
system default database, see
default(F)
Examples
The following example illustrates the usage of smp_try_pw :
...
if ((pwtype=smp_pw_choice(userp, &reason)) == SMP_CHOOSE) {
...
switch (pwtype) {
case SMP_PICK:
put("new password: ");
switch (smp_try_pw(gets(newpw), userp, &pwtries, &reason)) {
case SMP_GOODPW:
break;
case SMP_BADPW:
put("\nbad choice - ");
put(reason);
put ("\n");
continue;
case SMP_FAIL:
put("\nout of memory\n");
exit(1);
case SMP_EXTFAIL:
echo();
put("\n");
put(reason);
put("\n");
exit(1);
}
put("\n");
break;
...
}
...
}
See also
smp_check_user(S),
smp_check_pw(S),
smp_pw_choice(S),
smp_generate_pw(S),
smp_get_messages(S),
smp_pw_change(S),
smp_set_identity(S),
smp_set_pw(S)
Standards conformance
smp_try_pw is not part of any currently supported
standard; it is an extension of AT&T System V provided by
The Santa Cruz Operation, Inc.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003