1 User-Visible krb5-strength Changes
3 krb5-strength 1.1 (2012-05-11)
5 Change the minimum password length in the embedded CrackLib to 8.
7 Reject passwords formed from the username portion of the principal
10 In the embedded CrackLib, also check for a duplicated dictionary word.
12 Support linking with the system CrackLib instead of the embedded and
13 stricter copy by passing --with-cracklib to configure.
15 Fix variable sizes in the embedded CrackLib on 64-bit platforms. This
16 may fix interoperability problems with databases created on platforms
17 with a different native integer size. Thanks, Karl Lehnberger and
20 Stop using local in the test suite for portability to Solaris /bin/sh.
22 Update to rra-c-util 4.4:
24 * Use PATH_KRB5_CONFIG to override krb5-config location.
25 * Fix probing for ibm_svc/krb5_svc.h on AIX.
26 * Support Heimdal libraries without libroken, like OpenBSD.
27 * Fix manual Kerberos library probing without transitive dependencies.
28 * Support systems that only have krb5/krb5.h.
29 * Pass --deps to krb5-config in the non-reduced-dependencies case.
30 * Silence __attribute__ warnings on more compilers.
31 * Update warning flags for make warnings.
32 * Flesh out MAINTCLEANFILES to remove autogen results.
33 * Add notices to all files copied from rra-c-util.
35 Update to C TAP Harness 1.12:
37 * Drop is_double from the C TAP library to avoid requiring -lm.
38 * Avoid using local in the shell libtap.sh library.
39 * Silence __attribute__ warnings on more compilers.
40 * runtests now frees all allocated resources on exit.
41 * Fix runtests to still honor SOURCE and -s without BUILD and -b.
42 * Add tests/HOWTO documenting how to add new tests.
43 * Ensure correct output ordering in test results.
44 * Add -h and a better usage message to tests/runtests.
46 krb5-strength 1.0 (2010-02-16)
48 Add heimdal-strength, a program that checks password strength using
49 the protocol for a Heimdal external check program.
51 The shared module now also exports the interface expected by Heimdal's
52 dynamically loaded password strength checking API and can be used as a
53 Heimdal kadmin plugin.
55 Add a new plugin API for MIT Kerberos modelled after the plugin API
56 used for other MIT Kerberos plugins. Thanks to Marcus Watts for
57 substantial research and contributions to the interface design. This
58 work is incomplete in this release, missing the corresponding patch to
61 Fixed the data format written by the included packer program to add
62 enough nul bytes at the end of the data. Previously, there was not
63 enough trailing nul bytes for the expected input format, leading to
64 uninitialized memory reads in the password lookup.
66 Add a test suite using the driver and library from C TAP Harness 1.1.
68 Add portability code for platforms without a working snprintf or other
69 deficiencies and updated the code to take advantage of those
72 krb5-strength 0.5 (2007-07-18)
74 The check of the password against the principal checked against the
75 fully-qualified principal, which is not the usual problem.
76 Additionally check that the password doesn't match the principal with
77 the realm removed or the reverse of that (case-insensitive).
79 krb5-strength 0.4 (2007-03-28)
81 The patches directory was omitted from the distribution. Really
84 krb5-strength 0.3 (2007-03-23)
86 Initial public release. Includes a patch for MIT Kerberos, a slightly
87 modified version of CrackLib, and glue wrapped around CrackLib to make