[16189] in Kerberos_V5_Development


Re: Password quality pluggable interface project review

daemon@ATHENA.MIT.EDU (Russ Allbery)
Sun Aug 29 22:36:08 2010

From: Russ Allbery <rra@stanford.edu>
To: krbdev@mit.edu
In-Reply-To: <201008291616.o7TGGxum009115@outgoing.mit.edu> (ghudson@mit.edu's
	message of "Sun, 29 Aug 2010 12:16:59 -0400 (EDT)")
Date: Sun, 29 Aug 2010 19:36:04 -0700
Message-ID: <8762ysddyj.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

ghudson@MIT.EDU writes:

>   * Add a string result argument to the check method (to be set to
>     NULL if the password passes quality checks), in the hopes that a
>     module-generated explanation could be conveyed to the user.  No
>     idea how this would ever be localized, though.  Also, the password
>     change protocol doesn't appear to have a way to communicate such
>     errors (looking at our implementation, anyway), so such strings
>     would only show up in the kadmind log.

The password change protocol definitely supports conveying password errors
all the way back to the client.  Here's an example with three different
string errors returned by the krb5-strength implementation (admittedly
with Heimdal, but that doesn't change the protocol issue).

windlord:~> kpasswd thoron
thoron@stanford.edu's Password: 
New password for thoron@stanford.edu: 
Verifying - New password for thoron@stanford.edu: 
Soft error : External password quality program failed: it's WAY too short
windlord:~> kpasswd thoron
thoron@stanford.edu's Password: 
New password for thoron@stanford.edu: 
Verifying - New password for thoron@stanford.edu: 
Soft error : External password quality program failed: it is too short
windlord:~> kpasswd thoron
thoron@stanford.edu's Password: 
New password for thoron@stanford.edu: 
Verifying - New password for thoron@stanford.edu: 
Soft error : External password quality program failed: it does not contain enough DIFFERENT characters

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
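
Added example, not part of the message above and not code from MIT krb5, Heimdal or krb5-strength: the decrypted user-data of a password change reply (RFC 3244) is a 16-bit result code in network byte order followed by a result string, which is how a quality-check explanation reaches the client. The names kpw_parse_result, kpw_code_name and SAMPLE are hypothetical, and the sample bytes are constructed from the soft-error code and one string in the session above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes 0-4 of the password change reply (RFC 3244). */
enum { KPW_SUCCESS = 0, KPW_MALFORMED = 1, KPW_HARDERROR = 2,
       KPW_AUTHERROR = 3, KPW_SOFTERROR = 4 };

/* Constructed sample: reply user-data after KRB-PRIV decryption. */
static const uint8_t SAMPLE[] =
    "\x00\x04" "External password quality program failed: it is too short";

/* Hypothetical helper: split reply user-data into result code and string.
 * Returns 0 on success, -1 if the buffer cannot hold a result code. */
int kpw_parse_result(const uint8_t *data, size_t len, uint16_t *code,
                     char *msg, size_t msgsz)
{
    size_t n, i;

    if (data == NULL || len < 2 || msgsz == 0)
        return -1;
    *code = (uint16_t)((data[0] << 8) | data[1]);   /* network byte order */
    n = len - 2;
    if (n > msgsz - 1)
        n = msgsz - 1;                  /* truncate rather than overflow */
    memcpy(msg, data + 2, n);
    msg[n] = '\0';
    /* The string is server-supplied: replace control bytes before it is
     * shown on a terminal; UTF-8 bytes (>= 0x80) pass through. */
    for (i = 0; i < n; i++)
        if ((unsigned char)msg[i] < 0x20 || msg[i] == 0x7f)
            msg[i] = '?';
    return 0;
}

/* Display labels chosen for this example. */
const char *kpw_code_name(uint16_t code)
{
    static const char *const names[] = { "Success", "Malformed request",
        "Hard error", "Authentication error", "Soft error" };
    return code <= KPW_SOFTERROR ? names[code] : "Unknown";
}

int main(void)
{
    uint16_t code;
    char msg[256];

    if (kpw_parse_result(SAMPLE, sizeof(SAMPLE) - 1, &code, msg, sizeof(msg)))
        return 1;
    printf("%s : %s\n", kpw_code_name(code), msg);
    return 0;
}
```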