Using cracklib with the KDC
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Oct 14 13:18:58 EDT 2003
>In my case the goal is institutional enforcement of some QA on
>passwords. That means it has to be done at the server end, like
>Heimdal does it. I suppose that I have the option of looking through
>the source code and implementing it myself. I was just hoping it was
>easier than that. (Consider this a feature request.)
Like Sam already said, the suggestion was to implement this on the
server side. But if you're interested, I already have code that does
this; contact me privately for a copy if you're interested.
(Personally, I think the idea of using libpam for password quality
checking is ... well, I can only say that even if the MIT code shipped
with this suppot, and I was using a system on my KDC that included
libpam, I'd _still_ go through the trouble of porting the cracklib over
and use that. I'm not saying that PAM is bad, I just don't think it's
the right tool for the job here).
--Ken
More information about the Kerberos
mailing list