There are several problems in the way how cracklib is detected in the configure, that make it mostly unusable on non-RH(?) platforms. 1) in configure.in: dictpath="/usr/lib/cracklib_dict" with_cracklib=yes ^^^^^^^^^^^^^^^^^ That line effectively kills any ability do disable cracklib or change it's location. Possibly, result of forgotten debug statement. Should be removed! ############################################### # test for where we get FaciestCheck from AC_MSG_CHECKING(where to use cracklib from (default=$dictpath)) 2) At least in my version of cracklib: dictpath - the full path name of the CrackLib dictionary, without the suffix. So, it looks like: /usr/local/libdata/cracklib/pw_dict So, the message, that describes this switch for configure should reflect that(jist take a given in a manpage description - it's much more clear). 3) I wonder, where cracklib, after which the whole check was written was taken from. The only one, which I found around was cracklib 2.7, taken from http://www.crypticide.org/users/alecm/security/. It is the one, available in FreeBSD and Slackware at least. And the one on which google points to. The problem is that this version doesn't have ANY crack.h header file. So, both test/crack.c and smbd/chgpasswd.c try to use non-existing header, that breaks both detection and compilation. So, at least AC_CHECK_HEADER(crypt.h) and the proper surrounding in this code files is necessary. 4) The last problem is the handling the results of detection. It doesn't matter, what they are, but if the system HAS libcrack, it'll be linked against, even if it is recognised to be broken - in both cases LIBS will contain -lcrack and binaries will be linked against it, even if it is broken.... LIBS = -lcrack -lcrypt -liconv KRB5_LIBS = -L/usr/lib -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -lcrypt -lcom_err LDAP_LIBS = -lldap -llber AUTH_LIBS = -lcrack -lcrypt -lpam -lpam Sorry for putting everything in one file, but for such a simple check it's better to rewrite it according all the given problems, rather than doing it incrementaly with several bug reports. If anyone interested I can write modified check.
--with-cracklib support has been removed for 3.0.3rc1. It will be readded later via a script interface.
I'm hoping to add cracklib back via the script interface - probably as a compiled binary, so any assistance in getting the configure magic right would be appriciated.
Yes, sure, just give me bare bones :) Or say, in what form you would expect the script :)
originally reported against 3.0.3pre1. Moving back to version to 3.0.2a to remove preX and rcX versions.
originally reported against 3.0.3pre2. Moving back to version to 3.0.2a to remove preX and rcX versions.
database cleanup