dictionary password screening problem

Erich Weiler weiler at soe.ucsc.edu
Tue Sep 12 19:08:59 EDT 2006


Hi All-

I'm having this weird issue that I'm hoping someone can shed some light 
on.  I've got a dictionary file of words I want to keep from being used 
in passwords but I can't seem to get it to work.  This is what's in my 
kdc.conf file:

-----
[kdcdefaults]
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /var/kerberos/krb5kdc/kadm5.dict
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  v4_mode = nopreauth

[realms]
  REALM.COM = {
   #master_key_type = des3-hmac-sha1
   supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
  dict_file = /var/kerberos/krb5kdc/kadm5.dict
  }

[logging]
kdc = FILE:/var/log/kdc.log
admin_server = FILE:/var/log/kadmin.log
-----

My kadm5.dict file is like 40MB big, but it's just a list of single 
words, one on each line of the file, nothing special.   I do have 
policies in place, and they work fine, they just don't stop passwords 
with dictionary words in them.  For instance, 'horse78$' works, but the 
'horse' part should make it reject, if I understand this correctly?

Can anyone maybe see something I'm missing?

Thanks in advance!
-erich
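
An added example, not part of the original post and not MIT Kerberos code: it contrasts whole-password dictionary matching with substring screening for a password such as 'horse78$'. It assumes the kadmind dictionary check is a case-insensitive comparison of the entire password against each line of dict_file; the word list, MIN_SUBSTRING and the function names are constructed for illustration.

```python
# Added illustration; not code from MIT Kerberos or from the original post.
import io

MIN_SUBSTRING = 4  # assumed threshold: shorter fragments reject too many passwords


def load_words(lines):
    """Read a one-word-per-line dictionary into a lowercase set."""
    return {w.strip().lower() for w in lines if w.strip()}


def exact_match(password, words):
    """Whole-password, case-insensitive comparison (the assumed kadmind behaviour)."""
    return password.lower() in words


def contained_words(password, words, min_len=MIN_SUBSTRING):
    """Dictionary words that appear anywhere inside the password.

    Enumerates the password's substrings and looks each one up in the set,
    so the cost depends on the password length, not on a 40 MB dictionary.
    """
    p = password.lower()
    hits = set()
    for start in range(len(p)):
        for end in range(start + min_len, len(p) + 1):
            if p[start:end] in words:
                hits.add(p[start:end])
    return sorted(hits)


def screen(password, words):
    """Return (rejected_by_exact_match, words_found_inside)."""
    return exact_match(password, words), contained_words(password, words)


# Constructed sample standing in for kadm5.dict (one word per line).
SAMPLE_DICT = io.StringIO("horse\npassword\nkerberos\nsecret\n")
WORDS = load_words(SAMPLE_DICT)

if __name__ == "__main__":
    for candidate in ("horse", "HORSE", "horse78$", "MyPassword1"):
        exact, inside = screen(candidate, WORDS)
        print(f"{candidate!r}: exact={exact} contains={inside}")
```

Under the whole-password assumption, 'horse78$' is not an entry in the list and is accepted; only the substring pass reports the embedded word.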


