password dictionary ignored
Jason
jason.calvert at abbott.com
Thu Sep 26 17:10:02 EDT 2002
jason.calvert at abbott.com (Jason) wrote in message news:<da6ed775.0209260655.7ae33f8d at posting.google.com>...
> Well I have set up a krb5.dict file with one three lines in it as
> follows:
> ===========
> test
> testme
> testmeyes
> ===========
> when I use kpasswd or kadmin with cpw and try a password of test for
> my test user, it allows the password change with no complaints!?!
>
> To check if it was loading the file I renamed it and sure enough got a
> compliant from kadmind that the file could not be found.
>
> Is my dict file in the right format? The source said one string per
> line.
>
> Thanks in advance if you can help me.
>
> Jason
>
> here is my krb5.conf sym linked on this machine to my krb.conf:
> ===========
>
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_keytab_name = /etc/krb5kdc/kadm5.keytab
> default_realm = ABC.GPRD.ABBOTT.COM
> default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
> default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
> permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
> kdc_timesync = 1
> ccache_type = 4
> forwardable = true
> proxiable = true
> ticket_lifetime = 24000
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> [realms]
> ABC.GPRD.ABBOTT.COM = {
> kdc = abcldap01.abc.gprd.abbott.com:88
> admin_server = abcldap01.abc.gprd.abbott.com:749
> default_domain = abc.gprd.abbott.com
> dict_file = /etc/krb5kdc/kadm5.dict
> }
>
> [domain_realm]
> .abc.gprd.abbott.com = ABC.GPRD.ABBOTT.COM
> abc.gprd.abbott.com = ABC.GPRD.ABBOTT.COM
> ==========================
Doh, I hate it when my answers come from the man page:
man kadmind:
dict_file The path of kadmind's password dictionary. A prin
cipal with any password policy will not be allowed
to select any password in the dictionary.
Optional. No default.
I had thought any password policy included no password policy.
Thanks Sam,
Jason
More information about the Kerberos
mailing list