apgbfm(1) [debian man page]
APGBFM(1) User Manual APGBFM(1) NAME
apgbfm - APG Bloom filter management program SYNOPSIS
apgbfm -f filter -n numofwords [-q] [-s] apgbfm -f filter -d dictfile [-q] [-s] apgbfm -f filter -a word [-q] apgbfm -f filter -A dictfile [-q] apgbfm -f filter -c word [-q] apgbfm -f filter -C dictfile [-q] apgbfm -i filter apgbfm [-v] [-h] DESCRIPTION
apgbfm is used to manage Bloom filter that is used to restrict password generation in APG pasword generation software. Usage of the Bloom filter allows to speed up password check for large dictionaries and has some other benefits. The idea to use Bloom filter for that purpose is came from the description of the OPUS project OPUS: Preventing Weak Password Choices Pur- due Technical Report CSD-TR 92-028 writen by Eugene H. Spafford. You can obtain this article from: http://www.cerias.purdue.edu/homes/spaf/tech-reps/9128.ps It has very nice description of Bloom filter and it's advantages for password checking systems. In simple words, apgbfm generates n hash values for every word and sets corresponding bits in filter file to 1. To check the word apgbfm generates the same hash functions for that word and if all n corresponding bits in filter file are set to 1 then it suppose that word exists in dicionary. apgbfm uses SHA-1 as a hash function. apgbfm can be used as standalone utility, not only with apg, or apgd. WARNING !!! Filter file format can be changed in the future. I'll try to make file formats compatible but i can not guaranty this. WARNING !!! apgbfm may slow down your computer during filter creation. OPTIONS
-f filter use filter as the name for Bloom filter filename. -i filter print information about filter. -n numofwords create new empty filter for numofwords number of words. Useful when you want to fill filter dynamicaly. -d dictfile create new filter from dictfile. It may take a lot of time to generate filter from a big dictionary. In that dictionary you may place words (one per line) that should not appear as generated passwords. For example: user names common words, etc. You even can use one of the dictionaries that come with dictionary password crackers. This check is case sensitive. For example, if you want to reject word 'root', you should insert in dictfile words: root, Root, RoOt, ... , ROOT. To indicate that program is working apgbfm prints dot for every 100 words added in dictionary. -a word add word to the filter. -A dictfile add all words from dictfile to the filter. To indicate that program is working apgbfm prints dot for every 100 words added in dic- tionary. -c word check word for appearance in the filter. -C dictfile check every word from dictfile for appearance in the filter. -q quiet mode. -s create new filter in case-insensitive mode. -v print version information. -h print help information. EXIT CODE
On successful completion of its task, apgbfm will complete with exit code 0. An exit code of -1 indicates an error occurred. Textual errors are written to the standard error stream. FILES
None. BUGS
None. If you've found one, please send bug description to the author. This man page is Alpha too. SEE ALSO
apg(1) AUTHOR
Adel I. Mirzazhanov, <a-del@iname.com> Project home page: http://www.adel.nursat.kz/apg/ Automated Password Generator 2003 Jun 19 APGBFM(1)
Check Out this Related Man Page
ldapfilter.conf(4) File Formats ldapfilter.conf(4) NAME
ldapfilter.conf - configuration file for LDAP filtering routines SYNOPSIS
/etc/opt/SUNWconn/ldap/current/ldapfilter.conf DESCRIPTION
The ldapfilter.conf file contains information used by the LDAP filtering routines. Blank lines and lines that begin with a hash character (#) are treated as comments and ignored. The configuration information consists of lines that contain one to five tokens. Tokens are separated by white space, and double quotes can be used to include white space inside a token. The file consists of a sequence of one or more filter sets. A filter set begins with a line containing a single token called a tag. The filter set consists of a sequence of one or more filter lists. The first line in a filter list must contain four or five tokens: the value pattern, the delimiter list, a filtertemplate, a match description, and an optional search scope. The value pattern is a regular expression that is matched against the value passed to the LDAP library call to select the filter list. The delimiter list is a list of the characters (in the form of a single string) that can be used to break the value into distinct words. The filter template is used to construct an LDAP filter (see description below) The match description is returned to the caller along with a filter as a piece of text that can be used to describe the sort of LDAP search that took place. It should correctly compete both of the following phrases: "One match description match was found for ..." and "Three match description matches were found for...." The search scope is optional, and should be one of base, onelevel, or subtree. If search scope is not provided, the default is subtree. The remaining lines of the filter list should contain two or three tokens, a filter template, a match description and an optional search scope. The filter template is similar in concept to a printf(3C) style format string. Everything is taken literally except for the character sequences: %v Substitute the entire value string in place of the %v. %v$ Substitute the last word in this field. %vN Substitute word N in this field (where N is a single digit 1-9). Words are numbered from left to right within the value starting at 1. %vM-N Substitute the indicated sequence of words where M and N are both single digits 1-9. %vN- Substitute word N through the last word in value where N is again a single digit 1-9. EXAMPLES
Example 1 An LDAP Filter Configuration File The following LDAP filter configuration file contains two filter sets, example1 and example2 onelevel, each of which contains four filter lists. # ldap filter file # example1 "=" " " "%v" "arbitrary filter" "[0-9][0-9-]*" " " "(telephoneNumber=*%v)" "phone number" "@" " " "(mail=%v)" "email address" "^.[. _].*" ". _" "(cn=%v1* %v2-)" "first initial" ".*[. _].$" ". _" "(cn=%v1-*)" "last initial" "[. _]" ". _" "(|(sn=%v1-)(cn=%v1-))" "exact" "(|(sn~=%v1-)(cn~=%v1-))" "approximate" ".*" ". " "(|(cn=%v1)(sn=%v1)(uid=%v1))" "exact" "(|(cn~=%v1)(sn~=%v1))" "approximate" "example2 onelevel" "^..$" " " "(|(o=%v)(c=%v)(l=%v)(co=%v))" "exact" "onelevel" "(|(o~=%v)(c~=%v)(l~=%v)(co~=%v))" "approximate" "onelevel" " " " " "(|(o=%v)(l=%v)(co=%v)" "exact" "onelevel" "(|(o~=%v)(l~=%v)(co~=%v)" "approximate" "onelevel" "." " " "(associatedDomain=%v)" "exact" "onelevel" ".*" " " "(|(o=%v)(l=%v)(co=%v)" "exact" "onelevel" "(|(o~=%v)(l~=%v)(co~=%v)" "approximate" "onelevel" ATTRIBUTES
See attributes(5) for a description of the following attributes: +-----------------------------+-----------------------------+ |ATTRIBUTE TYPE |ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWlldap | |Stability Level |Evolving | +-----------------------------+-----------------------------+ SEE ALSO
ldap_getfilter(3LDAP), ldap_ufn(3LDAP), attributes(5) SunOS 5.11 9 Jul 2003 ldapfilter.conf(4)