pwqual builtin plugins not working

David Shrimpton d.shrimpton at its.uq.edu.au
Wed May 15 00:58:06 EDT 2013


Adding "princ" and "dict" pwqual plugin settings to krb5.conf
and a dict_file setting to realm in realms section of kdc.conf
and restarting kdc and kadmind on MIT 1.11 kerberos installation
doesn't appear to stop the principal name or dictionary words
being set as password using 'kadmin cpw'

eg krb5.conf

[plugins]
        pwqual = {
                disable = empty
                enable_only = princ
                enable_only = dict
        }

Using "enable_only = empty" or "disable = empty"
does however control whether an empty password can be set.

Is there some other configuration or compilation
setting that is needed to enable the princ and dict builtin plugins ?


More information about the Kerberos mailing list