diff options
| author | Tomas Mraz <tmraz@fedoraproject.org> | 2021-03-26 15:23:00 +0100 |
|---|---|---|
| committer | Tomas Mraz <tmraz@fedoraproject.org> | 2021-03-26 15:23:00 +0100 |
| commit | 42c4c7c880f73e0cc0a64af719fd2b3a3e07b9b2 (patch) | |
| tree | ea835986b90e3a780146a93c67b048a17ae20ef3 | |
| parent | e3e46f16c651e74bdb105a2b832b67795c57c0a2 (diff) | |
| download | libpwquality-git-42c4c7c880f73e0cc0a64af719fd2b3a3e07b9b2.tar.gz | |
pwquality.3.pod: Some formatting and other cleanup
| -rw-r--r-- | doc/man/pwquality.3.pod | 94 |
1 files changed, 49 insertions, 45 deletions
diff --git a/doc/man/pwquality.3.pod b/doc/man/pwquality.3.pod index 648a85f..8e4ab79 100644 --- a/doc/man/pwquality.3.pod +++ b/doc/man/pwquality.3.pod @@ -31,73 +31,77 @@ pwquality - Documentation of the libpwquality API =head1 DESCRIPTION -Function I<pwquality_default_settings()> allocates and returns default pwquality settings -to be used in other library calls. The allocated opaque structure has to be freed -with the I<pwquality_free_settings()> call. +Function pwquality_default_settings() allocates and returns default pwquality +settings to be used in other library calls. The allocated opaque structure has +to be freed with the pwquality_free_settings() call. -The I<pwquality_read_config()> parses the configuration file (if B<cfgfile> is NULL -then the default one). If B<auxerror> is not NULL it also possibly returns auxiliary -error information that must be passed into I<pwquality_strerror()> function. +The pwquality_read_config() parses the configuration file (if I<cfgfile> is +NULL then the default one). If I<auxerror> is not NULL it also possibly returns +auxiliary error information that must be passed into pwquality_strerror() +function. =over 4 =item B<New in 1.3.0:> The library first tries to parse all F<*.conf> configuration files from -F<< <cfgfile>.d >> directory if it exists. Order of parsing determines what values will -be in effect - the latest wins. +F<< <cfgfile>.d >> directory if it exists. Order of parsing determines what +values will be in effect - the latest wins. =back -Function I<pwquality_set_option()> is useful for setting the options as configured -on a pam module command line in form of <opt>=<val>. +Function pwquality_set_option() is useful for setting the options as configured +on a pam module command line in form of I<opt>=I<val>. -Getter and setter functions for the individual integer and string setting values are: -I<pwquality_set_int_value()>, I<pwquality_set_str_value()>, -I<pwquality_get_int_value()>, and I<pwquality_get_str_value()>. In case of the +Getter and setter functions for the individual integer and string setting +values are: pwquality_set_int_value(), pwquality_set_str_value(), +pwquality_get_int_value(), and pwquality_get_str_value(). In case of the string getter the caller must copy the string before another calls that can -manipulate the B<pwq> settings object. - -The I<pwquality_generate()> function generates a random password of B<entropy_bits> entropy -and check it according to the settings. The B<*password> is allocated on heap by the -library. - -The I<pwquality_check()> function checks the B<password> according to the settings. It -returns either score <0-100>, negative error number, and possibly also auxiliary error -information that must be passed into I<pwquality_strerror()> function. -The B<oldpassword> is optional and can be NULL. -The B<user> is used for checking the B<password> against the user name -and potentially other L<passwd(5)> information and can be NULL. -The B<auxerror> can be NULL - in that case the auxiliary error information -is not returned. -However if it is non-NULL not passing the returned B<*auxerror> into -I<pwquality_strerror()> can lead to memory leaks. -The score depends on value of the setting B<PWQ_SETTING_MIN_LENGTH>. If it is -set higher, the score for the same passwords will be lower. - -Function I<pwquality_strerror()> translates the B<errcode> and B<auxerror> auxiliary -data into localized text message. If B<buf> is NULL the function uses an internal static -buffer which makes the function non-reentrant in that case. The returned pointer is not -guaranteed to point to the B<buf>. The function handles deallocation of eventual -B<auxerror> data passed into it, thus it must not be called twice with the same -B<auxerror> data. +manipulate the I<pwq> settings object. + +The pwquality_generate() function generates a random password of +I<entropy_bits> entropy and checks it according to the settings. The +I<*password> is allocated on the heap by the library. + +The pwquality_check() function checks the I<password> according to the +settings. It returns either score (value between 0 and 100), negative +error number, and possibly also auxiliary error information that must be +passed into the pwquality_strerror() function. +The I<oldpassword> is optional and can be NULL. The I<user> is used for +checking the I<password> against the user name and potentially other +L<passwd(5)> information and can be NULL. The I<auxerror> can be NULL - in +that case the auxiliary error information is not returned. However if it is +non-NULL not passing the returned I<*auxerror> into pwquality_strerror() can +lead to memory leaks. + +The score of a password depends on the value of the setting +B<PWQ_SETTING_MIN_LENGTH>. If it is set higher, the score for the same +passwords will be lower. + +Function pwquality_strerror() translates the I<errcode> and I<auxerror> +auxiliary data into a localized text message. If I<buf> is NULL the function +uses an internal static buffer which makes the function non-reentrant in that +case. The returned pointer is not guaranteed to point to the I<buf>. The +function deallocates eventual I<auxerror> data passed into it, thus it must +not be called twice with the same I<auxerror> data. =head1 RETURN VALUES -In general the functions which return B<int> return 0 as success value and negative values -as concrete B<PWQ_ERROR> error code. I<pwquality_strerror()> does not allocate data -and so it cannot fail. +In general the functions which return B<int> return 0 as success value and +negative values as concrete B<PWQ_ERROR> error code. pwquality_strerror() does +not allocate data and so it cannot fail. -The returned positive or zero score from I<pwquality_check()> should not be used for -rejection of passwords, it should be used only as approximate indicator of entropy present -in the password with values such as 0-30 being low, 30-60 medium, and 60-100 high. +The returned positive or zero score from pwquality_check() should not be +used for rejection of passwords, it should be used only as approximate +indicator of entropy present in the password with values such as 0-30 being +low, 30-60 medium, and 60-100 high. =head1 EXAMPLE Typical use of the libpwquality API: #include <pwquality.h> - + ... pwquality_settings_t *pwq; |