login policy plugins? (was Re: Lists of LDAP requirements

Russ Allbery rra at stanford.edu
Thu Jul 20 02:41:06 EDT 2006

Nicolas Williams <Nicolas.Williams at sun.com> writes:

> Good point.  The proposed password/key set/change protocol allows for
> extensible password quality policies.  It'd be nice if MIT krb5
> supported that.

For password quality, what sort of support are you looking for other than
support for a user-supplied password-checking plugin?  (I say this as a
Kerberos administrator for a site that cannot use anything less; the only
language suitable for encoding our password quality policy is a full-blown
programming language that can call out to such libraries as cracklib.
Once you have that, is there really anything lesser that's of much use?)

Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the krbdev mailing list