[1653] in Kerberos_V5_Development
Re: default dictionary file?
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Wed Aug 28 16:27:53 1996
Date: Wed, 28 Aug 1996 16:27:50 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: epeisach@MIT.EDU
Cc: krbdev@MIT.EDU
In-Reply-To: <9608282023.AA11757@kangaroo.mit.edu> (message from Ezra Peisach
on Wed, 28 Aug 1996 16:23:54 EDT)
> I would think that if a sysadmin said that there is a dictionary and none is
> present, then the system should scream loudly and not start up as it
> increases the potential for someone to choose a poor password.

Don Davis suggested in private email that it scream loudly, but not
fail to start up. I was thinking it should print to stdout, in
addition to syslog... but of course on a reboot that won't be seen.
Not sure what the right thing to do is.

> Of course, what should be the action if the system starts up, then the
> sysadmin deletes the dictionary - should kadmin not allow a password
> file change?

kadmind reads the password dictionary into memory on startup, and
never uses the file again. This could possibly be a problem with a
very large dictionary, of course; if anyone complains, we can change
the implementation. But for now, if the file is deleted, nothing will
change until kadmind exits.

Barry
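
The load-once behaviour discussed in this thread, as an added C example that is not part of the original message and is not MIT Kerberos code: the dictionary is read into memory at startup, a missing file is logged and leaves the check disabled, and deleting the file after loading changes nothing. The names `dict_load`, `dict_contains` and `lookup_after_delete`, the log text and the word list are all constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
/* Hypothetical names throughout; this is not MIT Kerberos code. */
struct dict { const char **words; size_t n; };
static int cmp(const void *a, const void *b) {
    return strcmp(*(const char *const *)a, *(const char *const *)b);
}

/* Read the file once. 0 on success; -1 (logged, dictionary empty) if not. */
int dict_load(struct dict *d, const char *path) {
    char line[256];
    FILE *f = fopen(path, "r");
    d->words = NULL; d->n = 0;
    if (f == NULL) {
        syslog(LOG_ERR, "dictionary %s unreadable, checks disabled", path);
        fprintf(stderr, "WARNING: dictionary %s unreadable\n", path);
        return -1;
    }
    while (fgets(line, sizeof line, f) != NULL) {
        line[strcspn(line, "\r\n")] = '\0';
        const char **grown = realloc(d->words, (d->n + 1) * sizeof *grown);
        char *copy = malloc(strlen(line) + 1);
        if (grown != NULL) d->words = grown;
        if (grown == NULL || copy == NULL) { free(copy); break; }
        strcpy(copy, line);
        d->words[d->n++] = copy;
    }
    fclose(f);
    if (d->n > 0) qsort(d->words, d->n, sizeof *d->words, cmp);
    return 0;
}

/* 1 if the candidate password is a dictionary word, else 0. */
int dict_contains(const struct dict *d, const char *pw) {
    return d->n > 0 && bsearch(&pw, d->words, d->n, sizeof *d->words, cmp);
}

/* Constructed demo: load, delete the file, then look the word up again. */
int lookup_after_delete(const char *path, const char *pw) {
    struct dict d;
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    fputs("password\nkerberos\nathena\n", f);   /* constructed word list */
    fclose(f);
    if (dict_load(&d, path) != 0) return -1;
    remove(path);                     /* the "sysadmin deletes the file" case */
    return dict_contains(&d, pw);     /* answered from memory, file is gone */
}
```

With the file missing at load time, `dict_contains` returns 0 for every candidate, so a dictionary word would pass the check; the log call is the only signal that the check is off.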