https://github.com/sr-lab/verified-pam-cracklib
A verified rewrite of the PAM cracklib module.
https://github.com/sr-lab/verified-pam-cracklib
cracklib ffi pam-module security verification
Last synced: 10 months ago
JSON representation
A verified rewrite of the PAM cracklib module.
- Host: GitHub
- URL: https://github.com/sr-lab/verified-pam-cracklib
- Owner: sr-lab
- License: bsd-3-clause
- Created: 2017-02-17T11:46:16.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2018-05-23T22:24:06.000Z (about 8 years ago)
- Last Synced: 2025-08-12T14:48:31.264Z (10 months ago)
- Topics: cracklib, ffi, pam-module, security, verification
- Language: Coq
- Size: 152 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Verified PAM Password Checker Toolkit
A toolset for defining and building verified PAM modules for password checking.
## Getting Started
You'll need a fairly particular system setup to compile this project. It's far easier to use [this Vagrant environment](https://github.com/sr-lab/verified-pam-environment) and be assured that it contains everything you need. Alternatively, run [the provisioning script included](https://github.com/sr-lab/verified-pam-environment/blob/master/provision.sh) alongside the Vagrant box on a clean install of Ubuntu 16.04.
### Prerequisites
This project's main dependencies are on Coq and GHC (the Glasgow Haskell Compiler) but several smaller libraries are required including `libpam` and `libcrack2`. The `expect` interactive script automation environment is required to run the evaluation scripts. You'll need:
* Coq v8.6
* GHC
* The following `apt` library packages:
+ `libpam0g-dev`
+ `libpam-cracklib`
+ `libcrack2-dev`
* Expect (for evaluation scripts)
Once again, take a look at [the provisioning script included](https://github.com/sr-lab/verified-pam-environment/blob/master/provision.sh) or use [the Vagrant box](https://github.com/sr-lab/verified-pam-environment) if in doubt.
### Installing
Build the module by navigating to the `src` directory and calling `make`. On successful build, type `sudo make install`.
```bash
cd src
make
sudo make install
```
To activate the module (that is, configure your `passwd` utility to use it), type `sudo make activate`
```bash
sudo make activate
```
This will modify your `/etc/pam.d/common-password` file to use the __verified__ module as the password quality checker during password changes using the `passwd` utility. To switch back to the default `pam_cracklib` implementation, use `sudo make deactivate`.
```bash
sudo make deactivate
```