[7054] in Kerberos
Re: Enforcing password policy
daemon@ATHENA.MIT.EDU (Anne Anderson)
Wed Apr 10 09:06:30 1996
To: kerberos@MIT.EDU
Date: Wed, 10 Apr 1996 12:38:21 GMT
From: aha@apollo.hp.com (Anne Anderson)

   Date: Tue, 9 Apr 1996 13:15:11 -0400 (EDT)
   From: Dennis Putnam <putnamd@atlodbs1.hayes.com>

   How are various password policies enforced?

If you use a DCE Security Server as your Kerberos KDC, you get the
password policy protection offered by DCE.  This comes in two
flavors.

1) Built in to the DCE Registry: you can specify minimum password
   length, whether password can be all alphanumeric

2) Password Management Server: you can require a user to use a
   system-generated password, or you can require special password
   strength checks that are vendor-dependent.  The HP DCE Password
   Management Server implements the SecureWare password strength
   tests (password not in dictionary, password not match to any
   principal or group name, password contains at least one
   non-alphanumeric character, etc.)

Anne H. Anderson           aha@apollo.hp.com
Networked Computing Div.   508/436-5707
Hewlett-Packard Company    HP TN 436-5707
Chelmsford, MA USA

"Any great change must expect opposition because it shakes the
very foundation of privilege." -- Lucretia Mott, 1853
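
The checks named in the message above (minimum length, the all-alphanumeric setting, dictionary words, principal and group names), sketched as an added example; this is not part of the original message and is not DCE, HP or SecureWare code. The Policy fields, the rule names, the default length of 8, the stripping of digits and punctuation, and the reversed-word comparison are assumptions made for illustration.

```python
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    min_length: int = 8                       # assumed threshold
    allow_all_alphanumeric: bool = False
    dictionary: frozenset = frozenset()       # words to reject
    reserved_names: frozenset = frozenset()   # principal and group names

def check_password(password: str, policy: Policy) -> list:
    """Return the names of every rule the candidate violates ([] = accepted)."""
    failures = []
    # Registry-style checks: length and composition.
    if len(password) < policy.min_length:
        failures.append("too_short")
    if not policy.allow_all_alphanumeric and password.isalnum():
        failures.append("all_alphanumeric")

    # Strength checks compare case-insensitively, and also compare the
    # candidate with leading/trailing digits and punctuation stripped, so
    # "Kerberos1!" is still treated as the dictionary word "kerberos".
    folded = password.casefold()
    core = folded.strip(string.digits + string.punctuation)
    candidates = {folded, core, core[::-1]}   # reversed form is an added assumption

    words = {w.casefold() for w in policy.dictionary}
    names = {n.casefold() for n in policy.reserved_names}
    if candidates & words:
        failures.append("in_dictionary")
    if candidates & names:
        failures.append("matches_name")
    return failures

# Constructed sample data, for illustration only.
SAMPLE_POLICY = Policy(
    dictionary=frozenset({"kerberos", "password"}),
    reserved_names=frozenset({"aha", "putnamd", "staff"}),
)

if __name__ == "__main__":
    for pw in ["kerberos", "Kerberos1!", "putnamd!", "dmantup!9", "tr0ub4dor&3x"]:
        print(f"{pw!r}: {check_password(pw, SAMPLE_POLICY) or 'accepted'}")
```

Returning every violated rule, rather than stopping at the first, lets a password-change front end tell the user everything that needs fixing in one pass.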