Options for enforcing password policies

Dagobert Michelsen dam at opencsw.org
Wed May 22 09:58:07 EDT 2013

Hi Jason,

Am 22.05.2013 um 15:41 schrieb "Edgecombe, Jason" <jwedgeco at uncc.edu>:
> What options are available for enforcing password policies for an MIT kerberos realm?

This is documented here:

> The passwords policies would:
> * passwords must be a minimum length

This would be -minlength

> * passwords must contain at least one upper case letter, lowercase letter, number, and a special character.

This is similar to -minclasses

> * passwords may not contain certain characters, like unicode or some ACSII characters

To my knowledge this is not possible, but I also don't see a reason to limit it.

> * password must expire every X days and be changed. How would Linux & windows clients handle that?

This is -maxlife

> * the previous X passwords may not be reused.

This is -history

Best regards

  -- Dago

"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896

More information about the Kerberos mailing list