[32088] in Kerberos
Re: another (different) KDC name resolution question
daemon@ATHENA.MIT.EDU (Tom Yu)
Mon Feb 22 23:34:28 2010
To: Russ Allbery <rra@stanford.edu>
From: Tom Yu <tlyu@mit.edu>
Date: Mon, 22 Feb 2010 23:34:02 -0500
In-Reply-To: <87y6ikyepn.fsf@windlord.stanford.edu> (Russ Allbery's message of
"Mon, 22 Feb 2010 16:32:04 -0800")
Message-ID: <ldvaav0o9j9.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Russ Allbery <rra@stanford.edu> writes:
> Abe Singer <abe@ligo.caltech.edu> writes:
>
>> Thanks for the pointer to the roadmap. I'd like to know more about the
>> item "plugins for password quality checks." We're rolling our own mod
>> of kadmin that implements libcrack for password checking (I've got a lot
>> of good arguments for why that's way better than complexity rules). I
>> was going to submit a patch for consideration.
>
> See also:
>
> http://www.eyrie.org/~eagle/software/krb5-strength/
>
> which does the same thing except its embedded copy of CrackLib has
> stronger rules, since we found Jack the Ripper could guess passwords
> passed by CrackLib.
>
> Marcus Watts has a much-improved libkadm5srv patch than the one included
> in that package.
Is there a recent pointer to this patch by Marcus Watts?
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
