X-Git-Url: https://git.eyrie.org/?a=blobdiff_plain;f=NEWS;h=72be2f3a14f4f771aa4391a6522a87159edc1bfd;hb=refs%2Fheads%2Fdebian%2Fsqueeze;hp=4c3b208100d6241738d31232c161ad76c2a5c6b3;hpb=7b18a8cf8fbd3097ae874d76c6cc9a855f4e5e4b;p=kerberos%2Fkrb5-strength.git

diff --git a/NEWS b/NEWS
index 4c3b208..72be2f3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,45 @@
                     User-Visible krb5-strength Changes
 
+krb5-strength 3.0 (2014-03-25)
+
+    The krb5-strength plugin and heimdal-strength program now support a
+    SQLite password dictionary.  This format of dictionary can detect any
+    password within edit distance one of a dictionary word, meaning that
+    the dictionary word can be formed by adding, removing, or changing a
+    single character in the password.  A SQLite password dictionary can be
+    used alone or in combination with any of the other supported
+    dictionary types.  SQLite dictionary support is based on work by David
+    Mazières.
+
+    cdbmake-wordlist has been renamed to krb5-strength-wordlist.
+    Generating CDB dictionaries now requires the -c option; see the
+    documentation for more information.  A SQLite database of dictionary
+    words can now be created instead, using the -s option.
+
+    A password history implementation for Heimdal is now included.  This
+    is a separate Perl program, heimdal-history, that stacks with the
+    external program implementation of strength checking.  It is not
+    available in the form of a plugin, only as a Heimdal external password
+    quality check.  (MIT Kerberos provides its own password history
+    mechanism.)  This program has more extensive Perl module dependencies
+    than the other programs in this distribution.
+
+    A new configuration option, minimum_different, can be set to require
+    that passwords contain at least that many unique characters.  This can
+    be used to reject long strings of identical characters or short
+    patterns, which may pass other checks but still be too easy to guess.
+
+    Update to rra-c-util 5.4:
+
+    * Fix portable/krb5.h build with a C++ compiler.
+    * Use Lancaster Consensus environment variables to control tests.
+    * Work around perltidy bug that leaves behind stray log files.
+
+    Update to C TAP Harness 3.0:
+
+    * Reopen standard input to /dev/null when running a test list.
+    * Don't leak extraneous file descriptors to tests.
+
 krb5-strength 2.2 (2013-12-16)
 
     More complex character class requirements can be specified with the