pwqual builtin plugins not working

David Shrimpton d.shrimpton at
Wed May 15 00:58:06 EDT 2013

Adding "princ" and "dict" pwqual plugin settings to krb5.conf
and a dict_file setting to the realm in the realms section of kdc.conf
and restarting the kdc and kadmind on an MIT 1.11 Kerberos installation
doesn't appear to stop the principal name or dictionary words
being set as the password using 'kadmin cpw'.

e.g. krb5.conf:

        pwqual = {
                disable = empty
                enable_only = princ
                enable_only = dict

Using "enable_only = empty" or "disable = empty"
does, however, control whether an empty password can be set.

Is there some other configuration or compilation
setting that is needed to enable the princ and dict builtin plugins?

