Options for enforcing password policies
dam at opencsw.org
Wed May 22 09:58:07 EDT 2013
Am 22.05.2013 um 15:41 schrieb "Edgecombe, Jason" <jwedgeco at uncc.edu>:
> What options are available for enforcing password policies for an MIT kerberos realm?
This is documented here:
> The passwords policies would:
> * passwords must be a minimum length
This would be -minlength
> * passwords must contain at least one upper case letter, lowercase letter, number, and a special character.
This is similar to -minclasses
> * passwords may not contain certain characters, like unicode or some ACSII characters
To my knowledge this is not possible, but I also don't see a reason to limit it.
> * password must expire every X days and be changed. How would Linux & windows clients handle that?
This is -maxlife
> * the previous X passwords may not be reused.
This is -history
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896
More information about the Kerberos