password dictionary ignored

Jason jason.calvert at abbott.com
Thu Sep 26 17:10:02 EDT 2002


jason.calvert at abbott.com (Jason) wrote in message news:<da6ed775.0209260655.7ae33f8d at posting.google.com>...
> Well I have set up a krb5.dict file with three lines in it as
> follows:
> ===========
> test
> testme
> testmeyes
> ===========
> when I use kpasswd or kadmin with cpw and try a password of test for
> my test user, it allows the password change with no complaints!?!
> 
> To check if it was loading the file I renamed it and sure enough got a
> complaint from kadmind that the file could not be found.
> 
> Is my dict file in the right format?  The source said one string per
> line.
> 
> Thanks in advance if you can help me.
> 
> Jason
> 
> here is my krb5.conf sym linked on this machine to my krb.conf:
> ===========
> 
> 
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
> 
> [libdefaults]
>  default_keytab_name = /etc/krb5kdc/kadm5.keytab
>  default_realm = ABC.GPRD.ABBOTT.COM
>  default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
>  default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
>  permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
>  kdc_timesync = 1
>  ccache_type = 4
>  forwardable = true
>  proxiable = true
>  ticket_lifetime = 24000
>  dns_lookup_realm = false 
>  dns_lookup_kdc = false
> 
> [realms]
>  ABC.GPRD.ABBOTT.COM = {
>   kdc = abcldap01.abc.gprd.abbott.com:88
>   admin_server = abcldap01.abc.gprd.abbott.com:749
>   default_domain = abc.gprd.abbott.com
>   dict_file = /etc/krb5kdc/kadm5.dict
>  }
> 
> [domain_realm]
>  .abc.gprd.abbott.com = ABC.GPRD.ABBOTT.COM 
>  abc.gprd.abbott.com = ABC.GPRD.ABBOTT.COM
> ==========================

Doh, I hate it when my answers come from the man page:
man kadmind:
dict_file     The path of kadmind's password dictionary.  A principal
              with any password policy will not be allowed to select
              any password in the dictionary.  Optional.  No default.
I had thought any password policy included no password policy.

Thanks Sam,

Jason
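
The behaviour resolved above means any principal without a password policy silently bypasses the dictionary. The following audit helper is an added example, not part of the original message: it lists principals with no policy from kadmin `getprinc` output. The principal names, the policy name `dictcheck`, and the sample output (assumed to carry `Principal:` and `Policy:` lines, with `[none]` meaning no policy) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find principals for which kadmind skips the dict_file check,
# i.e. principals that have no password policy attached.

# Reads one or more concatenated `getprinc` records on stdin and prints the
# name of every principal whose Policy field is "[none]".
# Assumption: each record has "Principal: <name>" and "Policy: <name>" lines.
principals_without_policy() {
    awk '
        /^Principal:/ { name = $2 }
        /^Policy:/    { if ($2 == "[none]") print name }
    '
}

# Constructed sample: two records in the assumed getprinc layout
# (realm taken from the krb5.conf above, principal names made up).
sample_getprinc_output() {
    cat <<'EOF'
Principal: testuser@ABC.GPRD.ABBOTT.COM
Expiration date: [never]
Maximum ticket life: 0 days 10:00:00
Policy: [none]

Principal: alice@ABC.GPRD.ABBOTT.COM
Expiration date: [never]
Maximum ticket life: 0 days 10:00:00
Policy: dictcheck
EOF
}

# On a live KDC (not run here) the same filter applies to real output:
#   kadmin.local -q "getprinc testuser" | principals_without_policy
#
# Remediation for each principal reported (policy name is hypothetical):
#   kadmin.local -q "addpol -minlength 8 dictcheck"
#   kadmin.local -q "modprinc -policy dictcheck testuser"
# After that, a password change to a word listed in dict_file is rejected.

# Demonstration on the constructed sample.
sample_getprinc_output | principals_without_policy
```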


