openafs/doc/xml/AdminReference/sect8/kpwvalid.xml

<?xml version="1.0" encoding="UTF-8"?>
<refentry id="kpwvalid8">
  <refmeta>
    <refentrytitle>kpwvalid</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>
  <refnamediv>
    <refname>kpwvalid</refname>
    <refpurpose>Checks quality of new password</refpurpose>
  </refnamediv>
  <refsect1>
    <title>Synopsis</title>
    <para><emphasis role="bold">kpwvalid</emphasis></para>

  </refsect1>
  <refsect1>
    <title>Description</title>
    <para>The <emphasis role="bold">kpwvalid</emphasis> command checks the quality of a new password passed to it
    from the <emphasis role="bold">kpasswd</emphasis> or <emphasis role="bold">kas setpassword</emphasis> command. It is optional. If it
    exists, it must reside in the same AFS directory as the binaries for the
    <emphasis role="bold">kpasswd</emphasis> and <emphasis role="bold">kas</emphasis> command suites (create a symbolic link from the
    client machine's local disk to this directory). The directory's ACL must
    extend the <computeroutput>a</computeroutput> (administer) and <computeroutput>w</computeroutput> (write) permissions to the
    system:administrators group only. These requirements prevent unauthorized
    users from substituting a spurious <emphasis role="bold">kpwvalid</emphasis> binary.</para>

    <para>The AFS distribution includes an example <emphasis role="bold">kpwvalid</emphasis> program that checks
    that the password is at least eight characters long; the code for it
    appears in <link linkend="EXAMPLES">EXAMPLES</link> below.</para>

    <para>The script or program must accept a sequence of password strings, one per
    line, on the standard input stream. The first is the current password and
    is ignored. Each subsequent string is a candidate password to be
    checked. The program must write the following to the standard output
    stream for each one:</para>

    <itemizedlist>
      <listitem>
        <para><computeroutput>0</computeroutput> (zero) and a newline character to indicate that the password is
        acceptable.</para>

      </listitem>
      <listitem>
        <para>A non-zero decimal number and a newline character to indicate that the
        password is not acceptable.</para>

      </listitem>
    </itemizedlist>
    <para>Further, it must write any error messages only to the standard error
    stream, not to the standard output stream.</para>

  </refsect1>
  <refsect1>
    <title>Examples</title>
    <para>The following example program, included in the AFS distribution, verifies
    that the requested password includes eight or more characters.</para>

<programlisting>
   #include &amp;lt;stdio.h&amp;gt;
   /* prints 0 if the password is long enough, otherwise non-zero */
   main()
   {
   char oldpassword[512];
   char password[512];

</programlisting>
<programlisting>
   if (fgets(oldpassword, 512, stdin))
      while (fgets(password, 512, stdin)) {
         if (strlen(password) &amp;gt; 8) { /* password includes a newline */
            fputs("0\n",stdout);
            fflush(stdout);
         }
         else {
            fputs("Passwords must contain at least 8 characters.\n",
                  stderr);
            fputs("1\n",stdout);
            fflush(stdout);
         }
   return 0;
   }

</programlisting>
      </refsect1>
      <refsect1>
        <title>See Also</title>
        <para><link linkend="kas_setpassword8">kas_setpassword(8)</link>,
        <link linkend="kpasswd1">kpasswd(1)</link></para>

      </refsect1>
      <refsect1>
        <title>Copyright</title>
        <para>IBM Corporation 2000. &lt;http://www.ibm.com/&gt; All Rights Reserved.</para>

        <para>This documentation is covered by the IBM Public License Version 1.0.  It was
        converted from HTML to POD by software written by Chas Williams and Russ
        Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.</para>

      </refsect1>
    </refentry>
xml-docbook-documentation-first-pass-20060915 needs more massaging to make it fit the tree, but, get it here first 2006-09-16 02:13:22 +01:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<refentry id="kpwvalid8">`
			`<refmeta>`
			`<refentrytitle>kpwvalid</refentrytitle>`
			`<manvolnum>8</manvolnum>`
			`</refmeta>`
			`<refnamediv>`
			`<refname>kpwvalid</refname>`
			`<refpurpose>Checks quality of new password</refpurpose>`
			`</refnamediv>`
			`<refsect1>`
			`<title>Synopsis</title>`
			`<para><emphasis role="bold">kpwvalid</emphasis></para>`

			`</refsect1>`
			`<refsect1>`
			`<title>Description</title>`
			`<para>The <emphasis role="bold">kpwvalid</emphasis> command checks the quality of a new password passed to it`
			`from the <emphasis role="bold">kpasswd</emphasis> or <emphasis role="bold">kas setpassword</emphasis> command. It is optional. If it`
			`exists, it must reside in the same AFS directory as the binaries for the`
			`<emphasis role="bold">kpasswd</emphasis> and <emphasis role="bold">kas</emphasis> command suites (create a symbolic link from the`
			`client machine's local disk to this directory). The directory's ACL must`
			`extend the <computeroutput>a</computeroutput> (administer) and <computeroutput>w</computeroutput> (write) permissions to the`
			`system:administrators group only. These requirements prevent unauthorized`
			`users from substituting a spurious <emphasis role="bold">kpwvalid</emphasis> binary.</para>`

			`<para>The AFS distribution includes an example <emphasis role="bold">kpwvalid</emphasis> program that checks`
			`that the password is at least eight characters long; the code for it`
			`appears in <link linkend="EXAMPLES">EXAMPLES</link> below.</para>`

			`<para>The script or program must accept a sequence of password strings, one per`
			`line, on the standard input stream. The first is the current password and`
			`is ignored. Each subsequent string is a candidate password to be`
			`checked. The program must write the following to the standard output`
			`stream for each one:</para>`

			`<itemizedlist>`
			`<listitem>`
			`<para><computeroutput>0</computeroutput> (zero) and a newline character to indicate that the password is`
			`acceptable.</para>`

			`</listitem>`
			`<listitem>`
			`<para>A non-zero decimal number and a newline character to indicate that the`
			`password is not acceptable.</para>`

			`</listitem>`
			`</itemizedlist>`
			`<para>Further, it must write any error messages only to the standard error`
			`stream, not to the standard output stream.</para>`

			`</refsect1>`
			`<refsect1>`
			`<title>Examples</title>`
			`<para>The following example program, included in the AFS distribution, verifies`
			`that the requested password includes eight or more characters.</para>`

			`<programlisting>`
			`#include &lt;stdio.h&gt;`
			`/* prints 0 if the password is long enough, otherwise non-zero */`
			`main()`
			`{`
			`char oldpassword[512];`
			`char password[512];`

			`</programlisting>`
			`<programlisting>`
			`if (fgets(oldpassword, 512, stdin))`
			`while (fgets(password, 512, stdin)) {`
			`if (strlen(password) &gt; 8) { /* password includes a newline */`
			`fputs("0\n",stdout);`
			`fflush(stdout);`
			`}`
			`else {`
			`fputs("Passwords must contain at least 8 characters.\n",`
			`stderr);`
			`fputs("1\n",stdout);`
			`fflush(stdout);`
			`}`
			`return 0;`
			`}`

			`</programlisting>`
			`</refsect1>`
			`<refsect1>`
			`<title>See Also</title>`
			`<para><link linkend="kas_setpassword8">kas_setpassword(8)</link>,`
			`<link linkend="kpasswd1">kpasswd(1)</link></para>`

			`</refsect1>`
			`<refsect1>`
			`<title>Copyright</title>`
			`<para>IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.</para>`

			`<para>This documentation is covered by the IBM Public License Version 1.0. It was`
			`converted from HTML to POD by software written by Chas Williams and Russ`
			`Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.</para>`

			`</refsect1>`
			`</refentry>`