pwdpolicy.h File

Purpose

Defines the types and manifest constants required to support the passwdpolicy() function.

Description

The format of the pwdpolicy.h header file shall be similar to the password construction rule attributes as stored in the /etc/security/user file, with the exception that named policies do not include the histsize and histexpire attributes. Each file is a sequence of zero or more stanzas with the named policy being the stanza name. Each stanza contains one or more attributes describing the password rules which must be satisfied for a password to be accepted.

The password policy parameters are described in the following table.

Item            Description
pwp_version     Specifies the version of the passwd_policy_t structure. The current structure version number is PWP_VERSION_1. Future extensions to this structure will use a different version number.
pwp_minage      The number of seconds, as a time32_t, between the time a password is modified and the time the password may again be modified. This field is referenced if PWP_TOO_SOON is set in checks.
pwp_maxage      The number of seconds, as a time32_t, after a password has been modified when it is considered to be expired. This field is referenced if PWP_EXPIRED is set in checks.
pwp_maxexpired  The number of seconds, as a time32_t, after a password has expired when it may no longer be modified. A value of 0 indicates that an expired password may not be changed. A value of -1 indicates that an expired password may be changed after any length of time. This field is referenced if PWP_EXPIRED is set in checks.
pwp_minalpha    The minimum number of characters in the password which must be alphabetic characters, as determined by invoking the isalpha() macro. A value less than or equal to 0 disables this test. This field is referenced if PWP_TOO_FEW_ALPHA is set in checks.
pwp_minother    The minimum number of characters in the password which must not be alphabetic characters, as determined by invoking the isalpha() macro. A value less than or equal to 0 disables this test. This field is referenced if PWP_TOO_FEW_OTHER is set in checks.
pwp_minlen      The minimum total number of characters in the password. A value less than or equal to 0 disables this test. This field is referenced if PWP_TOO_SHORT is set in checks.
pwp_maxrepeats  The maximum number of times an individual character may appear in the password. A value less than or equal to 0 disables this test. This field is referenced if PWP_TOO_MANY_REPEATS is set in checks.
pwp_mindiff     The minimum number of characters which must be changed between the old password and the new password. A value less than or equal to 0 disables this test. This field is referenced if PWP_TOO_MANY_SAME is set in checks.

Example

#include <sys/types.h>
/* Name types */
#define	PWP_USERNAME		1
#define	PWP_SYSTEMPOLICY	2
#define	PWP_LOCALPOLICY		3
/* Test flag values */
#define	PWP_TOO_SOON		0x0001
#define	PWP_EXPIRED		0x0002
#define	PWP_TOO_FEW_ALPHA	0x0004
#define	PWP_TOO_FEW_OTHER	0x0008
#define	PWP_TOO_SHORT		0x0010
#define	PWP_TOO_MANY_REPEATS	0x0020
#define PWP_TOO_MANY_SAME	0x0040
#define	PWP_IN_DICTIONARY	0x0080
#define	PWP_REUSED_PW		0x0100
#define	PWP_REUSED_TOO_SOON	0x0200
#define	PWP_FAILED_OTHER	0x0400
/* Policy structure version number */
#define	PWP_VERSION_1		1
/* Policy structure definition */
typedef struct {	
        int     pwp_version;	
        time32_t pwp_minage;	
        time32_t pwp_maxage;	
        time32_t pwp_maxexpired;	
        int     pwp_minalpha;	
        int     pwp_minother;	
        int     pwp_minlen;	
        int     pwp_maxrepeats;	
        int     pwp_mindiff;
} passwd_policy_t;

The maxage, minage, maxexpired, maxrepeats, mindiff, minalpha, minother, and minlen attributes are integers. The dictionlist and pwdchecks attributes are comma-separated lists of filenames. For more information on valid values for attributes, please see /etc/security/user.
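The field semantics in the table above (a field is referenced only when its flag is set in checks, and a value less than or equal to 0 disables the test) can be exercised with the following added example. It is not part of the AIX header or of the passwdpolicy() implementation: composition_failures and the sample policy are hypothetical, the constants and structure are copied locally so the code builds without pwdpolicy.h, and time32_t is assumed to be a signed 32-bit integer.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Local copies of the page's definitions so this builds without the AIX header. */
typedef int32_t time32_t;   /* assumption: signed 32-bit count of seconds */
#define PWP_TOO_FEW_ALPHA    0x0004
#define PWP_TOO_FEW_OTHER    0x0008
#define PWP_TOO_SHORT        0x0010
#define PWP_TOO_MANY_REPEATS 0x0020
#define PWP_VERSION_1        1
typedef struct {
    int      pwp_version;
    time32_t pwp_minage, pwp_maxage, pwp_maxexpired;
    int      pwp_minalpha, pwp_minother, pwp_minlen, pwp_maxrepeats, pwp_mindiff;
} passwd_policy_t;

/* Hypothetical helper: subset of `checks` that `pw` fails, or -1 on unknown version. */
int composition_failures(const passwd_policy_t *p, int checks, const char *pw)
{
    int seen[256] = {0}, alpha = 0, other = 0, worst = 0, failed = 0;
    if (p->pwp_version != PWP_VERSION_1)
        return -1;
    for (const char *s = pw; *s != '\0'; s++) {
        unsigned char c = (unsigned char)*s;  /* isalpha() is undefined for negative char */
        if (isalpha(c)) alpha++; else other++;
        if (++seen[c] > worst) worst = seen[c];
    }
    /* A test runs only when its flag is in `checks` and its limit is > 0. */
    if ((checks & PWP_TOO_FEW_ALPHA) && p->pwp_minalpha > 0 && alpha < p->pwp_minalpha)
        failed |= PWP_TOO_FEW_ALPHA;
    if ((checks & PWP_TOO_FEW_OTHER) && p->pwp_minother > 0 && other < p->pwp_minother)
        failed |= PWP_TOO_FEW_OTHER;
    if ((checks & PWP_TOO_SHORT) && p->pwp_minlen > 0 && alpha + other < p->pwp_minlen)
        failed |= PWP_TOO_SHORT;
    if ((checks & PWP_TOO_MANY_REPEATS) && p->pwp_maxrepeats > 0 && worst > p->pwp_maxrepeats)
        failed |= PWP_TOO_MANY_REPEATS;
    return failed;
}

/* Constructed sample policy: 8+ chars, 2+ alpha, 2+ other, no char more than twice. */
static const passwd_policy_t sample = { PWP_VERSION_1, 0, 0, 0, 2, 2, 8, 2, 0 };

int main(void)
{
    int all = PWP_TOO_FEW_ALPHA | PWP_TOO_FEW_OTHER | PWP_TOO_SHORT | PWP_TOO_MANY_REPEATS;
    printf("aaa1       -> 0x%04x\n", (unsigned)composition_failures(&sample, all, "aaa1"));
    printf("Tr4il-m1x9 -> 0x%04x\n", (unsigned)composition_failures(&sample, all, "Tr4il-m1x9"));
    return 0;
}
```

The returned mask reuses the page's flag values, so a caller can report each failed rule separately instead of a single pass/fail result.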

Permissions

Only the root user should have write (w) access.

Location

/usr/include/pwdpolicy.h