Options for enforcing password policies
Dagobert Michelsen
dam at opencsw.org
Wed May 22 09:58:07 EDT 2013
Hi Jason,
Am 22.05.2013 um 15:41 schrieb "Edgecombe, Jason" <jwedgeco at uncc.edu>:
> What options are available for enforcing password policies for an MIT kerberos realm?
This is documented here:
http://web.mit.edu/kerberos/krb5-devel/doc/admin/admin_commands/kadmin_local.html#add-policy
> The passwords policies would:
> * passwords must be a minimum length
This would be -minlength
> * passwords must contain at least one upper case letter, lowercase letter, number, and a special character.
This is similar to -minclasses
> * passwords may not contain certain characters, like unicode or some ACSII characters
To my knowledge this is not possible, but I also don't see a reason to limit it.
> * password must expire every X days and be changed. How would Linux & windows clients handle that?
This is -maxlife
> * the previous X passwords may not be reused.
This is -history
Best regards
-- Dago
--
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896
More information about the Kerberos
mailing list