cpw ignoring password policies
Greg Hudson
ghudson at mit.edu
Wed Aug 12 11:52:10 EDT 2020
On 8/12/20 5:39 AM, Dario García Díaz-Miguel wrote:
> kadmin -k -t $KEYTABLOCATION -p $SERVICEPRINCIPAL -q "cpw $PRINCIPAL -pw $PASSWORD"
>
> What we found is that this command ignores the password policy assigned to the principal, including all the complexity rules and history options. No matter if the command is launched in a kadmin console interactive mode, policies are totally ignored.
>
> If we use:
>
> kpasswd $PRINCIPAL
That's unexpected, and it's not the behavior I see in a test environment:
$ kadmin.local addpol -minlength 6 testpol
$ kadmin.local modprinc -policy testpol user
$ kadmin -k -p user/admin cpw -pw pw user
change_password: Password is too short while changing password for
"user at KRBTEST.COM".
$ kadmin.local cpw -pw pw user
change_password: Password is too short while changing password for
"user at KRBTEST.COM".
What software and version is running on the kadmin server?
More information about the Kerberos
mailing list