policy character classes
Paul DiSciascio
thenut at bytemonkey.net
Mon Aug 20 08:01:47 EDT 2012
The kadmin documentation describes 5 character classes recognized by
password policy: uppercase, lowercase, numbers, punctuation, and other.
That last one is causing me a lot of heartache at the moment. Is there
a way to disable the fifth class, or specifically require each of the
first four?
I ask because my understanding of the 5th class is that it is entirely
non-printable characters. A password policy that requires all 5 will be
difficult for a user to comply with since non-printable characters are
hard (sometimes impossible) to type. But a password policy that
requires 4 of the 5 leaves open the possibility of excluding one of the
first 4 if a user actually manages to enter something that falls into
that last class. It's very common for company policies, for example, to
require a number in password. In this scheme, that's not possible to
enforce unless you require all 5.
Is there another way to tackle this or is there something that I'm
missing here?
Thanks,
Paul
More information about the Kerberos
mailing list