![[Return to Library]](../books.gif)
![[Contents]](../toc.gif)
![[Previous Topic]](../prev.gif)
![[Bottom of Topic]](../bot.gif)
![[Next Topic]](../next.gif)
![[Index]](../index.gif)
Checks quality of new password
Description
The kpwvalid file contains a script or program that checks the quality of a new password passed to it from the kpasswd or kas setpassword command. It is optional. If it exists, it must reside in the same AFS directory as the binaries for the kpasswd and kas command suites (create a symbolic link from the client machine's local disk to this directory). The directory's ACL must extend the a (administer) and w (write) permissions to the system:administrators group only. These requirements prevent unauthorized users from substituting a spurious kpwvalid binary.
The AFS distribution includes an example kpwvalid program as shown in the following Examples section.
The script or program must return the following exit codes to the standard output stream:
Further, it must write any error messages only to the standard error stream, not to the standard output stream.
Examples
The following example program, included in the AFS distribution, verifies that the requested password includes eight or more characters.
#include <stdio.h>
/* returns 0 if the password is long enough, otherwise non-zero */
main()
{
char oldpassword[512];
char password[512];
int rc;
if (fgets(oldpassword, 512, stdin))
while (fgets(password, 512, stdin)) {
if (strlen(password) > 8) { /* password includes a newline */
rc = 0;
fputs("0\n",stdout);
fflush(stdout);
}
else {
rc = 1;
fputs("Passwords must contain at least 8 characters.\n",
stderr);
fputs("1\n",stdout);
fflush(stdout);
}
exit(rc);
}
Related Information
![[Top of Topic]](../top.gif)