On Mon, Nov 29, 1999 at 03:12:51PM -0000, subb3 at ibm.net mentioned:
> I have downloaded the latest Crack 5.0. When I run,
> $ Crack /etc/passwd
> $ Crack /etc/shawdow
> I get lots of output, that seem to suggest, it is trying to do some "make".
> Here is the tail end of the output.
> make: Leaving directory `/usr/local/tools/c50a/src/util'
> Crack: The dictionaries seem up to date...
> Crack: Sorting out and merging feedback, please be patient...
> Crack: Merging password files...
> Crack: Creating gecos-derived dictionaries
> mkgecosd: making non-permuted words dictionary
> mkgecosd: making permuted words dictionary
> Crack: launching: cracker -kill run/Kstar.12202
>> The Crack does not try to crack my passwords. Am I invoking Crack with
> the wrong syntax? How can I test the password qualities of my users?
It is working actually. It's running cracker in the background. Check it
yourself with top. I don't remember what the files are called, but it makes
logs of what it's doing in a subdirectory of the main directory. Go
If you have PAM installed (which most recent distros use) you should have
a file /etc/pam.d/passwd. This is the PAM config file for the passwd
program. If it contains the line:
password required /lib/security/pam_cracklib.so retry=3
It'll try and use cracklib to crack the password when the password is made
- this is a lot more effective than running crack after the passwords are
crypted or MD5'd (which isn't a brilliant idea).
If you are worried about user password security, verify that pam_cracklib
is in use, and make sure you are using MD5'd shadow password files. Then,
the chances of someone causing a security breach is two orders of magnitude
smaller than the chance of someone asking a user for their password, and
Microsoft. The best reason in the world to drink beer.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!