(This refers to the version 1 API only.)
Module shared objects may conveniently be compiled and linked with
libtool(1). An object needs to export a symbol called ‘kadm5_password_verifier' of the type
struct kadm5_pw_policy_verifier.
Its
name and
vendor fields should be contain the obvious information and
version should be
KADM5_PASSWD_VERSION_V1.
funcs contains an array of
struct kadm5_pw_policy_check_func structures that is terminated with an entry whose
name component is
NULL. The
func Fields of the array elements are functions that are exported by the module to be called to check the password. They get the following arguments: the Kerberos context, principal, password, a tuning parameter, and a pointer to a message buffer and its length. The tuning parameter for the quality check function is currently always
NULL. If the password is acceptable, the function returns zero. Otherwise it returns non-zero and fills in the message buffer with an appropriate explanation.