Key history with LDAP backend?

Abdelkader Chelouah a.chelouah at gmail.com
Mon Jul 20 15:32:30 EDT 2015


On 04/11/2014 19:05, Greg Hudson wrote:
> On 11/04/2014 12:54 PM, Andreas Ntaflos wrote:
>> Hi,
>>
>> I see that the "-history" option for "add_policy" (in kadmin) is not
>> supported when using the LDAP backend for Kerberos [1].
> We expect to have this implemented for 1.14 (see
> https://github.com/krb5/krb5/pull/132 ) but for now that is true.
>
>> Is there *any* other way to ensure a user doesn't use one of his
>> previous four keys when changing passwords and the Kerberos database is
>> in LDAP?
> You could write a password quality plugin module (see
> http://web.mit.edu/kerberos/krb5-latest/doc/plugindev/index.html ) and
> maintain your own database of password hashes.  You might use
> http://www.eyrie.org/~eagle/software/krb5-strength/
> as a starting point; it contains password history functionality, but
> doesn't provide it for use with MIT krb5.
Hello Greg,

Can you confirm that LDAP Backend password history will be implemented 
for 1.14? I see no mention of this implementation in

http://k5wiki.kerberos.org/wiki/Release_1.14

Thanks
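
The workaround suggested in the quoted reply (a password quality check backed by your own database of password hashes) comes down to the history logic below. This is an added example, not part of the original message and not krb5 or krb5-strength code; it is written in Python rather than against the C pwqual plugin interface, and `PasswordHistory`, `change_password`, the in-memory store and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os

HISTORY_DEPTH = 4        # "previous four keys" from the question above
PBKDF2_ROUNDS = 200_000  # assumed work factor; tune for the host running the check


class PasswordHistory:
    """Hypothetical per-principal store of salted hashes of past passwords.

    Kept in memory here; a real module would persist the entries in a file or
    database readable only by the admin server.
    """

    def __init__(self, depth=HISTORY_DEPTH, rounds=PBKDF2_ROUNDS):
        if depth < 1:
            raise ValueError("depth must be at least 1")
        self.depth = depth
        self.rounds = rounds
        self._entries = {}  # principal -> list of (salt, digest), newest last

    def _digest(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, self.rounds)

    def is_reused(self, principal, password):
        # Every stored entry has its own salt, so the candidate is re-hashed
        # once per entry and compared in constant time.
        reused = False
        for salt, digest in self._entries.get(principal, []):
            if hmac.compare_digest(self._digest(password, salt), digest):
                reused = True
        return reused

    def record(self, principal, password):
        # Assumption: called only once the password change has succeeded.
        salt = os.urandom(16)
        history = self._entries.setdefault(principal, [])
        history.append((salt, self._digest(password, salt)))
        del history[:-self.depth]  # keep only the newest `depth` entries


def change_password(history, principal, new_password):
    """Return True if accepted, False if it matches one of the last `depth` passwords."""
    if history.is_reused(principal, new_password):
        return False
    history.record(principal, new_password)
    return True
```

Storing salted, slow hashes instead of plaintext or unsalted digests limits what an attacker gains from reading the history store, at the cost of one KDF run per stored entry on every change.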

