DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

smp_try_pw(S-osr5)

smp_try_pw -- check user password syntax and guessability

Syntax

cc . . . -lprot 
#include <sys/types.h>
#include <prot.h>


int smp_try_pw(password, userp, pwtriesp, reasonp)
char *password;
struct smp_user_info *userp;
int *pwtriesp;
char **reasonp;

Description

smp_try_pw runs syntax and guessability checks on a user-supplied password. The routine applies whatever guessability checks are in effect for the system and user to validate the password supplied as password. If goodpw(ADM) is configured, this routine will open a pipe to it on the first call, and continue with the same goodpw dialogue on subsequent calls.

usrp points to an smp_user_info structure which has been created by a previous call to smp_check_user.

If the password is rejected the number of retries remaining, pointed to by pwtriesp, is decremented. The value should be initialised by the previous call to smp_check_user.

reasonp is used with certain return values to store a descriptive message.

Note that password is not overwritten by this routine, as it will be needed for a subsequent call to smp_set_pw(S-osr5).

Return values

Note that this routine also stores its return value for later use in auditing of failures.

SMP_GOODPW
The password passed the checks in force.

SMP_BADPW
The password failed the checks in force.

SMP_EXTFAIL
External failure - authentication information was not available. reasonp points to a character string explaining the cause of the error.

Diagnostics

All diagnostics are returned as strings pointed to by the argument reasonp. It is up to the calling program to display these for the user. In each case the return value is also noted.

You are not permitted to set a null password
The u_nullpw flag is set for the account in the protected password database, so a non-null password must be specified for the account.

You may not re-use the same password
password matches the existing password entry. SMP_BADPW is returned.

Too short (must be at least n characters)
password is shorter then the minimum length calculated by the system based on a combination of the delay between login attempts, the password lifetime and the ascii character set. SMP_BADPW is returned.

Password is too easy to guess
password has been checked using acceptable_password(S-osr5) and is too easy to guess. SMP_BADPW is returned.

Rejected by goodpw checks
password failed the goodpw checks. SMP_BADPW is returned.

Cannot be circular shift of login name
password is a shift of the letters of the login name. SMP_BADPW is returned.

Must contain at least two alphabetic and one numeric or special characters
password does not contain at least two alphabetic characters and at least one numeric or special character. SMP_BADPW is returned.

Passwords must differ by at least 3 positions
password is identical to the old password except for one or two characters. SMP_BADPW is returned.

Files


/lib/libprot.a
security subsystem library routines

/usr/lib/libp/libprot.a
as above but used for profiling

/usr/include/prot.h
defines the smp_user_info structure

/etc/auth/system/authorize
subsystem authorizations, see authorize(F)

/etc/auth/subsystems/dflt_users
authorization default users, see authcap(F)

/etc/auth/system/default
system default database, see default(F)

Examples

The following example illustrates the usage of smp_try_pw : 
...
      if ((pwtype=smp_pw_choice(userp, &reason)) == SMP_CHOOSE) {
      ...
           switch (pwtype) {
           case SMP_PICK:
               put("new password: ");
               switch (smp_try_pw(gets(newpw), userp, &pwtries, &reason)) {
               case SMP_GOODPW:
                   break;
               case SMP_BADPW:
                   put("\nbad choice - ");
                   put(reason);
                   put ("\n");
                   continue;
               case SMP_FAIL:
                   put("\nout of memory\n");
                   exit(1);
               case SMP_EXTFAIL:
                   echo();
                   put("\n");
                   put(reason);
                   put("\n");
                   exit(1);
               }
               put("\n");
               break;
           ...
           }
      ...
      }

See also

smp_check_user(S-osr5), smp_check_pw(S-osr5), smp_pw_choice(S-osr5), smp_generate_pw(S-osr5), smp_get_messages(S-osr5), smp_pw_change(S-osr5), smp_set_identity(S-osr5), smp_set_pw(S-osr5)

Standards conformance

smp_try_pw is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 02 June 2005