1 krb5-passwd-strength for Debian
2 -------------------------------
4 This plugin requires a patched kadmind that loads plugins for password
5 strength checking. This code will hopefully be in a future official
6 release of MIT Kerberos.
8 With that code, a sample kdc.conf file using this plugin looks like:
12 database_name = /usr/local/var/krb5kdc/principal
13 admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab
14 acl_file = /usr/local/var/krb5kdc/kadm5.acl
15 key_stash_file = /usr/local/var/krb5kdc/stash
18 max_renewable_life = 7d 0h 0m 0s
19 default_principal_flags = +preauth
20 pwcheck_plugin = /usr/local/var/krb5kdc/kadmin_plugin.so
21 dict_file = /usr/local/var/krb5kdc/dict
24 dict_file is a prefix for cracklib dicts you have now, e.g.
25 /usr/local/var/krb5kdc/dict.pwd, .pwi, etc.
27 You will need to have any policy apply to the principal in order for this
28 module to be enforced, as a result of how kadmin works (if there is no
29 policy applying either by default or to the principal, password quality is
32 -- Russ Allbery <rra@debian.org>, Sat, 24 Jun 2006 18:31:34 z