User-Visible krb5-strength Changes
-krb5-strength 2.2 (unreleased)
+krb5-strength 3.0 (unreleased)
+
+ A password history implementation for Heimdal is now included. This
+ is a separate Perl program, heimdal-history, that stacks with the
+ external program implementation of strength checking. It is not
+ available in the form of a plugin, only as a Heimdal external password
+ quality check. (MIT Kerberos provides its own password history
+ mechanism.) This program has more extensive Perl module dependencies
+ than the other programs in this distribution.
+
+ A new configuration option, minimum_different, can be set to require
+ that passwords contain at least that many unique characters. This can
+ be used to reject long strings of identical characters or short
+ patterns, which may pass other checks but still be too easy to guess.
+
+krb5-strength 2.2 (2013-12-16)
More complex character class requirements can be specified with the
configuration option require_classes. This option lists the character
Close a file descriptor and memory leak in the included version of
CrackLib. This problem was already fixed in CrackLib 2.9.0.
+ Update to rra-c-util 4.12:
+
+ * Properly check the return status of snprintf and friends.
+
+ Update to C TAP Harness 2.3:
+
+ * Suppress lazy plans and test summaries if the test failed with bail.
+ * Add warn_unused_result gcc attributes to relevant functions.
+
krb5-strength 2.1 (2013-10-10)
Fix the package build when CDB support is disabled or TinyCDB was not