Is there a pre-installed package in Torizon to allow password strength testing?
I am using the image “torizon-core-docker-colibri-imx6-Tezi_5.1.0-devel-202012+build.6”
If I type whereis cracklib I find files for this library.
Then I did: sudo nano /etc/pam.d/common-password
Added the line: password requisite pam_cracklib.so retry=3 minlen=8 dcredit=-1 ocredit=-1 difok=3
But when I try passwd I receive passwd: Module is unknown
Is there another way to set such password verification?
This is an important requirement to comply with cybersecurity standards.
I can update the image to a newer version, if necessary.
The issue is that while TorizonCore does have some packages to support cracklib, it’s actually missing the actual cracklib shared library as far as I can tell. If you check the contents of /lib/security you’ll notice pam_cracklib.so is missing. This would explain the error you’re experiencing.
TorizonCore would need to be rebuilt to include this missing shared library file. Though I’ll check with the team and see if it makes sense for us to just include this by default. Keep in mind I’m not guaranteeing that we will include this in the future.
Ok, so there is no default package for this and I need to create a custom build adding some library.
Thank you for the quick answer.
It would be nice some solution for this in the default image, since it is an important requirement these days and even the Toradex SAT utility warns about this configuration as an issue.
For now I submitted this as a feature request to the Torizon team. They’ll investigate and see if this makes sense and is suitable to add by default. So thank you for recommendation, it really helps us improve our platform.
However, in the meantime you will need to add the missing library manually in a customized TorizonCore build.
Is there a simple procedure description how to add the library?
I read through the Torizcon Builder pages, I have already worked with hardware overlays, but I couldn’t find an example on how to add system files to the core image.
May I just add the missing file(s) into the .zst from a standard image, in the folder for the .so files?
Unfortunately this isn’t something you can just add via TorizonCore Builder. It might be possible to add an externally compiled *.so library to the image as you suggested. But if this library needs to be linked with other libraries or has other compilation considerations then this wouldn’t be a good idea.
The recommended way would be to create your own TorizonCore image. Then in the Yocto build system you would need to add the package that has the pam_cracklib.so shared library. Once this is done the built image should then have the proper library.
