User-Visible krb5-strength Changes
-krb5-strength 2.0 (unreleased)
+krb5-strength 2.1 (2013-10-10)
+
+ Fix the package build when CDB support is disabled or TinyCDB was not
+ found.
+
+ Some of the password rejection error messages have been changed to
+ make them more accurate or comprehensible to the user.
+
+ Passing --with-tinycdb to configure now correctly makes TinyCDB
+ support mandatory without adding bogus directories to the library and
+ include search paths.
+
+krb5-strength 2.0 (2013-10-07)
Add support for the MIT Kerberos password quality plugin interface,
available in MIT Kerberos 1.9 and later, contributed by Greg Hudson
letter (upper or lower case) or a space.
The plugin can now be configured without a dictionary, in which case
- only the simpler checks available through the new configuration
- variables are done. This mode is mostly useful for testing, since
- such simple checking can more easily be done via less complex password
- strength configurations.
+ only checks for a password based on the principal and the simpler
+ checks available through the new configuration variables are done.
+ This mode is mostly useful for testing, since such simple checking can
+ more easily be done via less complex password strength configurations.
+
+ The check for passwords based on the principal now check for passwords
+ formed by reversing or adding numbers before and after each separate
+ component of the principal. This will catch passwords based on the
+ realm or components of the realm, which will often catch passwords
+ based on the name of the local institution.
The plugin now sets the Kerberos error message in the context to pass
error information, resulting in higher-quality error reporting in the