2 heimdal-strength Heimdal CrackLib krb5.conf krb5-strength Allbery
6 heimdal-strength - Heimdal password quality check embedding CrackLib
10 B<heimdal-strength> [I<principal>]
14 B<heimdal-strength> is an external password quality check program for
15 Heimdal that verifies the strength of a password using an embedded copy of
16 CrackLib, with some modifications to increase the aggressiveness of its
17 rules. It is normally run via kpasswdd(8) using the Heimdal password
18 quality check interface rather than directly.
20 To use this program, the path to a CrackLib database must be configured in
21 krb5.conf via the C<password_dictionary> setting in C<[appdefaults]>. It
22 uses the application name C<krb5-strength> when trying to find this
23 setting. A typical setting would be:
26 password_dictionary = /usr/local/lib/kadmind/dictionary
29 B<heimdal-strength> then expects the Heimdal password quality check
30 information on standard input, specifically:
32 principal: <principal>
33 new-password: <password>
36 where <principal> is the principal whose password would be changed and
37 <password> is the new password. If the password appears to be strong, it
38 prints C<APPROVED> on standard output and exits with a status of 0. If
39 the password is rejected as being too weak, it will print the reason for
40 rejecting the password on standard error and exit with a status of 0. If
41 some fatal error occurs, it will print that error to standard error and
42 exit with a non-zero status.
46 kadm5-strength(3), kpasswdd(8), krb5.conf(5)
48 The "Password changing" section of the Heimdal info documentation
49 describes the interface that this program implements and how to configure
52 The current version of this program is available from its web page at
53 L<http://www.eyrie.org/~eagle/software/krb5-strength/> as part of the
54 krb5-strength package.
58 Russ Allbery <rra@stanford.edu>
projects / kerberos / krb5-strength.git / blob