blob: a981e7903439f087558a31a1daaf936476c80a75 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
Password quality interface (pwqual)
===================================
The pwqual interface allows modules to control what passwords are
allowed when a user changes passwords. For a detailed description of
the pwqual interface, see the header file ``<krb5/pwqual_plugin.h>``.
The primary pwqual method is **check**, which receives a password as
input and returns success (0) or a ``KADM5_PASS_Q_`` failure code
depending on whether the password is allowed. The **check** method
also receives the principal name and the name of the principal's
password policy as input; although there is no stable interface for
the module to obtain the fields of the password policy, it can define
its own configuration or data store based on the policy name.
A module can create and destroy per-process state objects by
implementing the **open** and **close** methods. State objects have
the type krb5_pwqual_moddata, which is an abstract pointer type. A
module should typically cast this to an internal type for the state
object. The **open** method also receives the name of the realm's
dictionary file (as configured by the **dict_file** variable in the
:ref:`kdc_realms` section of :ref:`kdc.conf(5)`) if it wishes to use
it.
|
