From 41da9b06377228d81fa839d1ccd74114c1d3015e Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Tue, 1 Oct 2013 22:02:33 -0700 Subject: [PATCH] Change the default plugin install path and name The default installation path for this plugin is now /usr/local/lib/krb5/plugins/pwqual/strength.so (for both MIT and Heimdal), assuming a --libdir setting of /usr/local/lib. This may require updates to the Kerberos KDC configuration or moving the plugin when upgrading from earlier versions. --- Makefile.am | 21 ++++++++++----------- NEWS | 6 ++++++ README | 8 ++++---- tests/plugin/heimdal-t.c | 2 +- tests/plugin/mit-t.c | 2 +- 5 files changed, 22 insertions(+), 17 deletions(-) diff --git a/Makefile.am b/Makefile.am index d1db115..d9fb829 100644 --- a/Makefile.am +++ b/Makefile.am @@ -24,9 +24,6 @@ EXTRA_DIST = .gitignore LICENSE autogen cracklib/HISTORY cracklib/LICENCE \ AM_CPPFLAGS = $(CRACKLIB_CPPFLAGS) $(KRB5_CPPFLAGS) $(CDB_CPPFLAGS) AM_LDFLAGS = $(CRACKLIB_LDFLAGS) $(KRB5_LDFLAGS) $(CDB_LDFLAGS) -# Put the module into /usr/local/lib/kadmind by default, relative to --libdir. -moduledir = $(libdir)/kadmind - # Build our portability library. noinst_LTLIBRARIES = portable/libportable.la portable_libportable_la_SOURCES = portable/dummy.c portable/kadmin.h \ @@ -51,18 +48,20 @@ if EMBEDDED_CRACKLIB noinst_LTLIBRARIES += cracklib/libcracklib.la endif +# Put the plugin into $(libdir)/krb5/plugins/pwqual by default, +moduledir = $(libdir)/krb5/plugins/pwqual + # Rules for building the password strength plugin. -module_LTLIBRARIES = plugin/passwd_strength.la -plugin_passwd_strength_la_SOURCES = plugin/api.c plugin/cdb.c \ - plugin/heimdal.c plugin/internal.h plugin/mit.c -plugin_passwd_strength_la_LDFLAGS = -module -avoid-version +module_LTLIBRARIES = plugin/strength.la +plugin_strength_la_SOURCES = plugin/api.c plugin/cdb.c plugin/heimdal.c \ + plugin/internal.h plugin/mit.c +plugin_strength_la_LDFLAGS = -module -avoid-version if EMBEDDED_CRACKLIB - plugin_passwd_strength_la_LIBADD = cracklib/libcracklib.la + plugin_strength_la_LIBADD = cracklib/libcracklib.la else - plugin_passwd_strength_la_LIBADD = $(CRACKLIB_LIBS) + plugin_strength_la_LIBADD = $(CRACKLIB_LIBS) endif -plugin_passwd_strength_la_LIBADD += portable/libportable.la $(KRB5_LIBS) \ - $(CDB_LIBS) +plugin_strength_la_LIBADD += portable/libportable.la $(KRB5_LIBS) $(CDB_LIBS) # The Heimdal external check program. bin_PROGRAMS = tools/heimdal-strength diff --git a/NEWS b/NEWS index ab14e7d..7ee4f67 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,12 @@ krb5-strength 2.0 (unreleased) and MIT. Drop the patch for MIT Kerberos 1.4 (and hence support for versions of MIT Kerberos prior to 1.9). + The default installation path for this plugin is now + /usr/local/lib/krb5/plugins/pwqual/strength.so (for both MIT and + Heimdal), assuming a --libdir setting of /usr/local/lib. This may + require updates to the Kerberos KDC configuration or moving the plugin + when upgrading from earlier versions. + Add support for building with TinyCDB and then checking passwords against a CDB database. There is a new password_dictionary_cdb krb5.conf configuration setting that configures a CDB directory to diff --git a/README b/README index b0449f9..71ededd 100644 --- a/README +++ b/README @@ -117,8 +117,8 @@ COMPILING AND INSTALLING GCC compiler warnings (requires a relatively current version of GCC). The last step will probably have to be done as root. By default, the - plugin is installed as /usr/local/lib/kadmind/passwd_strength.so and the - Heimdal external password check function is installed as + plugin is installed as /usr/local/lib/krb5/plugins/pwqual/strength.so + and the Heimdal external password check function is installed as /usr/local/bin/heimdal-strength. You can change these paths with the --prefix, --libdir, and --bindir options to configure. @@ -227,7 +227,7 @@ CONFIGURATION [password_quality] policies = krb5-strength - policy_libraries = /usr/local/lib/kadmind/passwd_strength.so + policy_libraries = /usr/local/lib/krb5/plugins/pwqual/strength.so in either krb5.conf or kdc.conf. Note that some older versions of Heimdal have a bug in the support for loading modules when @@ -246,7 +246,7 @@ CONFIGURATION [plugins] pwqual = { - module = strength:/usr/local/lib/kadmind/passwd_strength.so + module = strength:/usr/local/lib/krb5/plugins/pwqual/strength.so } to register the plugin. diff --git a/tests/plugin/heimdal-t.c b/tests/plugin/heimdal-t.c index 3d644fc..520a3bd 100644 --- a/tests/plugin/heimdal-t.c +++ b/tests/plugin/heimdal-t.c @@ -63,7 +63,7 @@ load_plugin(void) struct kadm5_pw_policy_verifier *verifier; /* Load the module. */ - path = test_file_path("../plugin/.libs/passwd_strength.so"); + path = test_file_path("../plugin/.libs/strength.so"); if (path == NULL) bail("cannot find plugin"); handle = dlopen(path, RTLD_NOW); diff --git a/tests/plugin/mit-t.c b/tests/plugin/mit-t.c index f590c1c..1a49e4f 100644 --- a/tests/plugin/mit-t.c +++ b/tests/plugin/mit-t.c @@ -71,7 +71,7 @@ load_plugin(krb5_context ctx) krb5_error_code (*init)(krb5_context, int, int, krb5_plugin_vtable); /* Load the module. */ - path = test_file_path("../plugin/.libs/passwd_strength.so"); + path = test_file_path("../plugin/.libs/strength.so"); if (path == NULL) bail("cannot find plugin"); handle = dlopen(path, RTLD_NOW); -- 2.39.2