[571] in Kerberos


Re: password checking

daemon@TELECOM.MIT.EDU (Jerome H. Saltzer)
Sun Jan 8 01:06:46 1989

To: Jeffrey I. Schiller <jis@ATHENA.MIT.EDU>
Cc: kit@ATHENA.MIT.EDU, mar@ATHENA.MIT.EDU, sms-dev@ATHENA.MIT.EDU,
In-Reply-To: Jeffrey I. Schiller <jis@ATHENA.MIT.EDU>'s message of Sat, 7 Jan 89 17:15:15 EST
From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>

> If register does any password quality enforcement (or even
> recommendation) the "passwd" command should do the same (and with the
> same rules).

If two password-setting programs have to be kept coordinated, there
may someday be three.  Would someone care to argue against having the
quality checks done centrally, by Kerberos?  Let me try the argument
for.

Centralized checking assures uniformity.  Also, if someone notices
that an additional quality check has a high payoff, it can be
incorporated quickly at Kerberos, rather than requiring coordinated
release of two or more subsystems, one to a locker and one to /srvd/.

There is another consideration: one may want the ability to REQUIRE
that certain users (e.g., staff members) use hard-to-guess passwords,
while allowing others (e.g., students) to get away with
easy-to-remember passwords.  I would guess this distinction would be
implemented by a flag in the Kerberos record for each user.  Since a
user can supply his or her own version of passwd, the only way to
enforce such a requirement would be to have Kerberos do the quality
check.

In fact, it seems to me that one might want to have Kerberos enforce
one of several levels of quality on passwords on a per-user basis.

     0.  Anything, including <return>
     1.  Anything but <return>
     2.  Four or more characters
     3.  Non-guessable by rules currently being proposed
     4.  Non-guessable, eight or more characters, and different
         from your three most recently used passwords.
     5.  Eight characters, all consonants.

					Jerry

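As an added illustration of the per-user quality levels sketched above (example code written for this archive page, not code from Kerberos or from the list participants): a small centralized checker that reads a required level from the principal's record and accepts or rejects a candidate password. The field name `quality_level`, the treatment of each level as including the checks of the levels below it, the hashed three-entry password history, and the stand-in for "rules currently being proposed" (a tiny constructed word list plus a few obvious patterns) are all assumptions, since the message does not spell them out.

```python
"""Per-principal password quality levels, checked centrally (added example)."""
import hashlib
from dataclasses import dataclass, field

# ASSUMPTION: stand-in for the "rules currently being proposed" at level 3.
# The actual rules are not on the page; this is a constructed sample list.
_GUESSABLE_WORDS = {"password", "kerberos", "athena", "secret", "letmein"}
_CONSONANTS = set("bcdfghjklmnpqrstvwxyz")


@dataclass
class PrincipalRecord:
    """Hypothetical per-user record; quality_level is the per-user flag."""
    name: str
    quality_level: int
    # Salted digests of the three most recent passwords (never cleartext).
    recent_hashes: list = field(default_factory=list)


def _digest(principal: str, password: str) -> str:
    # Salt with the principal name so the same password yields different
    # digests for different users (hypothetical scheme, for the history check).
    return hashlib.sha256(f"{principal}\0{password}".encode()).hexdigest()


def _guessable(principal: str, password: str) -> bool:
    """Constructed approximation of 'guessable' for level 3."""
    low = password.lower()
    if low in _GUESSABLE_WORDS:
        return True
    if principal.lower() in low:          # contains the user's own name
        return True
    if low.isdigit() or len(set(low)) == 1:  # all digits, or one repeated char
        return True
    return False


def check_password(record: PrincipalRecord, candidate: str):
    """Return (accepted, reason). Each level includes the checks below it."""
    level = record.quality_level
    if level <= 0:                                  # 0: anything at all
        return True, "ok"
    if candidate == "":                             # 1: anything but <return>
        return False, "empty password not allowed"
    if level >= 2 and len(candidate) < 4:           # 2: four or more characters
        return False, "fewer than four characters"
    if level >= 3 and _guessable(record.name, candidate):   # 3: non-guessable
        return False, "guessable password"
    if level >= 4:                                  # 4: eight+ chars, not recent
        if len(candidate) < 8:
            return False, "fewer than eight characters"
        if _digest(record.name, candidate) in record.recent_hashes[-3:]:
            return False, "matches one of the three most recent passwords"
    if level >= 5:                                  # 5: eight chars, all consonants
        if len(candidate) != 8 or not all(c in _CONSONANTS for c in candidate.lower()):
            return False, "must be exactly eight consonants"
    return True, "ok"


def set_password(record: PrincipalRecord, candidate: str):
    """Apply the check, and on success record the digest in the history."""
    ok, reason = check_password(record, candidate)
    if ok:
        record.recent_hashes.append(_digest(record.name, candidate))
        del record.recent_hashes[:-3]   # keep only the three most recent
    return ok, reason


if __name__ == "__main__":
    staff = PrincipalRecord("jis", quality_level=4)
    print(set_password(staff, "Zq7!p"))      # rejected: fewer than eight characters
    print(set_password(staff, "Zq7!pLm9"))   # accepted
    print(set_password(staff, "Zq7!pLm9"))   # rejected: in recent history
```

Because the decision is made from the record held by the password service rather than inside `passwd` or `register`, a user supplying a private copy of `passwd` gains nothing, which is the enforcement point the message makes.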