Package john missing, but used by seccheck

This document (7008164) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11 Service Pack 1
SUSE Linux Enterprise Server 10 Service Pack 3
SUSE Linux Enterprise Server 9 Service Pack 4

Situation

The seccheck security-weekly.sh and security-monthly.sh scripts report :
ERROR: "Password security checking not possible, package john not installed."
The security-weekly.sh and security-monthly.sh will continue to run without john installed, they just will not check for weak passwords using functionality provided by the missing package.
This is because the package john is not provided with SUSE Linux Enterprise Server (SLES), although it is used by seccheck. The reason for this decision is that the john package is considered a cracking tool and such not suitable for a general purpose operating system like SLES.

Resolution

Packages for "john" are available in the security repositories of OpenSUSE buildservice also for SUSE Linux Enterprise Server 11.
It might be included in later Service Packs for SUSE Linux Enterprise Server 11 to deliver full functionality of seccheck.

Additional Information

Formerly known as TID# 10098579

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.