[32086] in Kerberos
Re: another (different) KDC name resolution question
daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Feb 22 19:32:18 2010
From: Russ Allbery <rra@stanford.edu>
To: Abe Singer <abe@ligo.caltech.edu>
In-Reply-To: <20100223002844.GH60489@ligo.caltech.edu> (Abe Singer's message
of "Mon, 22 Feb 2010 16:28:45 -0800")
Date: Mon, 22 Feb 2010 16:32:04 -0800
Message-ID: <87y6ikyepn.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: Tom Yu <tlyu@mit.edu>, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Abe Singer <abe@ligo.caltech.edu> writes:
> Thanks for the pointer to the roadmap. I'd like to know more about the
> item "plugins for password quality checks." We're rolling our own mod
> of kadmin that implements libcrack for password checking (I've got a lot
> of good arguments for why that's way better than complexity rules). I
> was going to submit a patch for consideration.
See also:
http://www.eyrie.org/~eagle/software/krb5-strength/
which does the same thing except its embedded copy of CrackLib has
stronger rules, since we found Jack the Ripper could guess passwords
passed by CrackLib.
Marcus Watts has a much-improved libkadm5srv patch than the one included
in that package.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
