another (different) KDC name resolution question

Russ Allbery rra at stanford.edu
Mon Feb 22 19:32:04 EST 2010


Abe Singer <abe at ligo.caltech.edu> writes:

> Thanks for the pointer to the roadmap.  I'd like to know more about the
> item "plugins for password quality checks."  We're rolling our own mod
> of kadmin that implements libcrack for password checking (I've got a lot
> of good arguments for why that's way better than complexity rules).  I
> was going to submit a patch for consideration.

See also:

    http://www.eyrie.org/~eagle/software/krb5-strength/

which does the same thing except its embedded copy of CrackLib has
stronger rules, since we found Jack the Ripper could guess passwords
passed by CrackLib.

Marcus Watts has a much-improved libkadm5srv patch than the one included
in that package.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list