User-Visible krb5-strength Changes
-krb5-strength 3.0 (unreleased)
+krb5-strength 3.0 (2014-03-25)
+
+ The krb5-strength plugin and heimdal-strength program now support a
+ SQLite password dictionary. This format of dictionary can detect any
+ password within edit distance one of a dictionary word, meaning that
+ the dictionary word can be formed by adding, removing, or changing a
+ single character in the password. A SQLite password dictionary can be
+ used alone or in combination with any of the other supported
+ dictionary types. SQLite dictionary support is based on work by David
+ Mazières.
+
+ cdbmake-wordlist has been renamed to krb5-strength-wordlist.
+ Generating CDB dictionaries now requires the -c option; see the
+ documentation for more information. A SQLite database of dictionary
+ words can now be created instead, using the -s option.
A password history implementation for Heimdal is now included. This
is a separate Perl program, heimdal-history, that stacks with the
be used to reject long strings of identical characters or short
patterns, which may pass other checks but still be too easy to guess.
- Update to rra-c-util 5.3:
+ Update to rra-c-util 5.4:
* Fix portable/krb5.h build with a C++ compiler.
+ * Use Lancaster Consensus environment variables to control tests.
+ * Work around perltidy bug that leaves behind stray log files.
Update to C TAP Harness 3.0: