SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG
DONATE


YUM REPOSITORY

 
 

MAN page from Mandrake 8.X apg-2.0.0final-2rph.i586.rpm

APGD

Section: User Manual (8)
Updated: 2001 Aug 9
Index 

NAME

apgd- server that generates several random passwords

 

SYNOPSIS

apgd[-r dictfile] [-b filter_file][-a algorithm] [-C] [-L] [-S] [-N] [-M mode][-m min_pass_len] [-x max_pass_len] [-n num_of_pass]

 

DESCRIPTION

apgdprogram is a server that supportsPassword Generation Protocoldescribed inRFC972.It uses several password generation algorithms (currently two) and a built-inpseudo random number generator.

apgdis normally invoked by the Internet superserver (see inetd(8)) for requests to connect to the pwdgen port (pwdgen port is 129 according toRFC1700) as indicated by the/etc/servicesfile (seeservices(5)).

Default algorithm is pronounceable password generation algorithmdesigned byMorrie Gasserand described inA Random Word Generator For Pronounceable PasswordsNational Technical Information Service (NTIS)AD-A-017676.The original paper is very old and had never been put online,so I have to useNISTimplementation described in FIPS-181.

Another algorithm is simple random character generation algorithm, but ituses four user-defined symbol sets to produce random password. It means thatuser can choose type of symbols that should appear in password. Symbol setsare: numeric symbol set(0,...,9), capital letters symbol set(A,...,Z), small letters symbol set(a,...,z)and special symbols symbol set(#,@,!,...).

Built-in pseudo random number generator is an implementation of algorithmdescribed inAppendix C of ANSI X9.17orRFC1750with exception that it usesCASTorSHA-1instead ofTriple DES.It uses local time with precision of microseconds (seegettimeofday(2)) and /dev/random (if available) to produceinitial random seed.

apgdalso have the ability to check generated password quality usingdictionary. You can use this ability if you specify command-line option-rdictfileor-bfilternamewhere dictfile is dictionary file name and filtername is thename of Bloom filter file. In that dictionary you may place words(one per line) that should not appear as generated passwords. For example: user namescommon words, etc. You even can use one of the dictionaries that come withdictionary password crackers.Bloom filter file should be created with apgbfm(1) utility includedin apg distribution. These checks are case sensitive. For example, if youwant to reject word 'root', you should insert in dictfile words: root,Root, RoOt, ... , ROOT. It is not the easiest way to check password quality,but it is the most powerful way. In future releases I plan to implement someother techniques to check passwords just to make life easier.

apgdhas the ability log user password generation activity and internal debug information. It does thisusing
facility=daemon


priority=infofor user password generation activity logging
priority=debugfor internal debug information
See the syslogd(8) and syslog.conf(5) man pages for information on how to configure your syslog daemon.

 

OPTIONS

-M mode
Use symbolsets specified with mode for password generation.mode is a text string consisting of characters S[s], N[n],C[c], L[l],R[r]. Where:
S[s]
use special symbol set.
N[n]
use numeral symbol set.
C[c]
use capital symbol set.
L[l]
use small letters symbol set (always present if pronounceable passwordgeneration algorithm is used).
R[r]
the same as S[s] but it does not generate symbols `, ',", |, $, backslash, ?. Useful for password generation ina shell script.

mode can not be more then 5 characters inlength.

Examples:
-M sncl or -M SNCL or -M Cn

-M mode is the new style password generation mode definition, but the old styleoptions(-C, -N, -S, -L, -R) are also supported.

-S
use special symbol set.(old style - use -M mode instead).
-R
the same as -S but it does not generate symbols `, ',", |, $, backslash, ?. Useful for password generation ina shell script. (old style - use -M mode instead).
-N
use numeral symbol set.(old style - use -M mode instead).
-C
use capital symbol set.(old style - use -M mode instead).
-L
use small letters symbol set. Always present if pronounceable passwordgeneration algorithm is used.(old style - use -M mode instead).
-a algorithm
use algorithmfor password generation.
0- (default) pronounceable password generation
1- random character password generation
-r dictfile
check generated passwords for their appearance in dictfile
-b filter_file
check generated passwords for their appearance in filter_file. filter_file should be created with apgbfm(1)utility.
-n num_of_pass
generate num_of_passnumber of passwords. Default is 6.
-m min_pass_len
generate password with minimum length min_pass_len.If min_pass_len > max_pass_len then max_pass_len = min_pass_len.Default minimum password length is 6.
-x max_pass_len
generate password with maximum length max_pass_lenIf min_pass_len > max_pass_len then max_pass_len = min_pass_len.Default maximum password length is 8.
 

DEFAULT OPTIONS

apgd -a 0 -N -C -L -n 6 -m 6 -x 8 (old style)
apgd -a 0 -M NCL -n 6 -x 8 -m 6 (new style) 

EXIT CODE

On successful completion of its task,apgdwill complete with exit code 0. An exit code of -1 indicates an erroroccurred. Textual errors are written to thesyslogd(8). 

DIAGNOSTICS

All textual info is written to thesyslogd(8). 

FILES

None. 

BUGS

None.If you've found one, please send bug description to the author. 

SEE ALSO

apg(1), apgbfm(1) 

AUTHOR

Adel I. Mirzazhanov, <a-delAATTiname.com>
Project home page: http://www.adel.nursat.kz/apg/


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
DEFAULT OPTIONS
EXIT CODE
DIAGNOSTICS
FILES
BUGS
SEE ALSO
AUTHOR

This document was created byman2html,using the manual pages.