another (different) KDC name resolution question
Russ Allbery
rra at stanford.edu
Mon Feb 22 19:32:04 EST 2010
Abe Singer <abe at ligo.caltech.edu> writes:
> Thanks for the pointer to the roadmap. I'd like to know more about the
> item "plugins for password quality checks." We're rolling our own mod
> of kadmin that implements libcrack for password checking (I've got a lot
> of good arguments for why that's way better than complexity rules). I
> was going to submit a patch for consideration.
See also:
http://www.eyrie.org/~eagle/software/krb5-strength/
which does the same thing except its embedded copy of CrackLib has
stronger rules, since we found Jack the Ripper could guess passwords
passed by CrackLib.
Marcus Watts has a much-improved libkadm5srv patch than the one included
in that package.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list