=for stopwords heimdal-strength Heimdal CrackLib krb5-strength Allbery =head1 NAME heimdal-strength - Heimdal password quality check embedding CrackLib =head1 SYNOPSIS B [I] =head1 DESCRIPTION B is an external password quality check program for Heimdal that verifies the strength of a password using an embedded copy of CrackLib, with some modifications to increase the aggressiveness of its rules. It is normally run via kpasswdd(8) using the Heimdal password quality check interface rather than directly. To use this program, the path to a CrackLib database must be configured in F via the C setting in C<[appdefaults]>. It uses the application name C when trying to find this setting. A typical setting would be: krb5-strength = { password_dictionary = /usr/local/lib/kadmind/dictionary } B then expects the Heimdal password quality check information on standard input, specifically: principal: new-password: end where is the principal whose password would be changed and is the new password. If the password appears to be strong, it prints C on standard output and exits with a status of 0. If the password is rejected as being too weak, it will print the reason for rejecting the password on standard error and exit with a status of 0. If some fatal error occurs, it will print that error to standard error and exit with a non-zero status. =head1 SEE ALSO kadm5-strength(3), kpasswdd(8), krb5.conf(5) The "Password changing" section of the Heimdal info documentation describes the interface that this program implements and how to configure Heimdal to use it. The current version of this program is available from its web page at L as part of the krb5-strength package. =head1 AUTHOR Russ Allbery =head1 COPYRIGHT AND LICENSE Copyright 2010, 2013 The Board of Trustees of the Leland Stanford Junior University Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without any warranty. =cut