User-Visible krb5-strength Changes
-krb5-strength 2.1 (unreleased)
+krb5-strength 3.0 (unreleased)
+
+ A password history implementation for Heimdal is now included. This
+ is a separate Perl program, heimdal-history, that stacks with the
+ external program implementation of strength checking. It is not
+ available in the form of a plugin, only as a Heimdal external password
+ quality check. (MIT Kerberos provides its own password history
+ mechanism.) This program has more extensive Perl module dependencies
+ than the other programs in this distribution.
+
+ A new configuration option, minimum_different, can be set to require
+ that passwords contain at least that many unique characters. This can
+ be used to reject long strings of identical characters or short
+ patterns, which may pass other checks but still be too easy to guess.
+
+krb5-strength 2.2 (2013-12-16)
+
+ More complex character class requirements can be specified with the
+ configuration option require_classes. This option lists the character
+ classes the password must contain. These restrictions may be
+ qualified with password length ranges, allowing the requirements to
+ change with the length of the password. See README for more details
+ and the option syntax.
+
+ cdbmake-wordlist now supports filtering out words based on maximum
+ length (-L) and arbitrary user-provided regular expressions (-x). It
+ also supports running in filter mode to produce a new wordlist instead
+ of a CDB file (-o).
+
+ Close a file descriptor and memory leak in the included version of
+ CrackLib. This problem was already fixed in CrackLib 2.9.0.
+
+ Update to rra-c-util 4.12:
+
+ * Properly check the return status of snprintf and friends.
+
+ Update to C TAP Harness 2.3:
+
+ * Suppress lazy plans and test summaries if the test failed with bail.
+ * Add warn_unused_result gcc attributes to relevant functions.
+
+krb5-strength 2.1 (2013-10-10)
+
+ Fix the package build when CDB support is disabled or TinyCDB was not
+ found.
Some of the password rejection error messages have been changed to
make them more accurate or comprehensible to the user.
+ Passing --with-tinycdb to configure now correctly makes TinyCDB
+ support mandatory without adding bogus directories to the library and
+ include search paths.
+
krb5-strength 2.0 (2013-10-07)
Add support for the MIT Kerberos password quality plugin interface,