[4584] in Kerberos
Re: Should I restrict 'kinit' access
daemon@ATHENA.MIT.EDU (Steve Omand)
Thu Feb 9 09:16:27 1995
To: kerberos@MIT.EDU
Date: Thu, 09 Feb 95 08:59:36 EST
From: Steve Omand <omand@athena.tay.dec.com>
--------
I strongly agree with Marc ...
->
-> The moral of this story is to use good passwords, so brute force
-> attacks aren't a real threat.
->
In fact...
In our implementation of K5, we have added administration features
so that the administrator can set minimum password lengths, password aging,
dictionary password validation, and checking of new passwords against recently
used passwords. In other words, the types of features we came to expect in
the central timeshared computing environment. Kerberos alone won't provide
a secure distributed environment; admin tools and a well-defined and implemented
password policy are required too.
Security = policy AND tools AND technology
/sao
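
The four checks listed in the message above (minimum length, aging, dictionary validation, recent-password history), sketched as an added example that is not part of the original message and not code from the K5 implementation it describes. The `Principal` class, the thresholds and the word list are constructed assumptions.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

# Constructed policy values: the message names the checks but gives no numbers.
MIN_LENGTH = 10
MAX_AGE = timedelta(days=90)
HISTORY_DEPTH = 3
DICTIONARY = {"password", "kerberos", "athena", "welcome"}  # constructed word list

def _digest(password, salt):
    # Slow salted hash so stored history entries resist offline guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Principal:  # hypothetical stand-in for a KDC database entry
    def __init__(self, name):
        self.name = name
        self.history = []       # [(salt, digest)], newest last
        self.changed_at = None  # time of the last accepted change

    def expired(self, now):
        """Password aging: True once the current password is older than MAX_AGE."""
        return self.changed_at is None or now - self.changed_at > MAX_AGE

    def check(self, new_password):
        """Return the list of policy violations for a proposed password."""
        problems = []
        if len(new_password) < MIN_LENGTH:
            problems.append("too short")
        # Dictionary validation, also catching a word with digits appended
        # ("kerberos95"); the digit stripping is a choice made for this sketch.
        folded = new_password.lower()
        if folded in DICTIONARY or folded.rstrip("0123456789") in DICTIONARY:
            problems.append("dictionary word")
        # History check: re-derive with each stored salt, compare in constant time.
        for salt, digest in self.history[-HISTORY_DEPTH:]:
            if hmac.compare_digest(_digest(new_password, salt), digest):
                problems.append("recently used")
                break
        return problems

    def change_password(self, new_password, now):
        """Apply the change only if every check passes; return the violations."""
        problems = self.check(new_password)
        if not problems:
            salt = os.urandom(16)
            self.history.append((salt, _digest(new_password, salt)))
            self.history = self.history[-HISTORY_DEPTH:]
            self.changed_at = now
        return problems
```

The history holds salted digests rather than the old passwords themselves, so the policy database does not become a second place from which passwords can be read.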