Introduction to cracklib

The cracklib package contains a library used to enforce strong passwords by comparing user selected passwords to words in a chosen wordlist.

Package information

Additional downloads

You will also need to download a wordlist for use with cracklib. There are two wordlists to choose from at the following location. Use the cracklib word list for good security, or opt for the allwords word list for lightweight machines short on RAM. You can of course choose any other word list that you have at your disposal.

Installation of cracklib

First, as the root user, install the chosen word list for cracklib:

install -d -m755 /usr/share/dict &&
install -m644 ../[wordlist] /usr/share/dict &&
ln -sf [wordlist] /usr/share/dict/words &&
echo $(hostname) >> /usr/share/dict/extra.words

The wordlist is linked to /usr/share/dict/words as historically, words is the primary wordlist in the /usr/share/dict directory. Additionally, the value of hostname is echoed to a file called extra.words. This extra file is intended to be a site specific list which includes easy to guess passwords such as company or department names, user's names, product names, computer names, domain names, etc.

Now apply the BLFS patch:

patch -Np1 -i ../cracklib,2.7-blfs-1.patch

If necessary, apply the Heimdal patch:

cp -R cracklib cracklib_krb5 &&
patch -Np1 -i ../cracklib,2.7-heimdal-1.patch

Finally, as the root user, install the package:

make install &&
rm /lib/ &&
ln -sf ../../lib/ /usr/lib/

Command explanations

rm /lib/; ln -sf ... /usr/lib/ These two commands move the symlink from /lib to /usr/lib.


Installed Programs: create-cracklib-dict, mkdict and packer
Installed Libraries: and optionally,
Installed Directory: /usr/share/dict

Short Descriptions

libraries provide a fast dictionary lookup method for strong password enforcement.

Last updated on 2005-02-26 08:46:21 -0700