--- /dev/null
+krb5-passwd-strength for Debian
+-------------------------------
+
+This plugin requires a patched kadmind that loads plugins for password
+strength checking. This code will hopefully be in a future official
+release of MIT Kerberos.
+
+With that code, a sample kdc.conf file using this plugin looks like:
+
+[realms]
+ EXAMPLE.ORG = {
+ database_name = /var/lib/krb5kdc/principal
+ admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
+ acl_file = /etc/krb5kdc/kadm5.acl
+ key_stash_file = /etc/krb5kdc/stash
+ kdc_ports = 750,88
+ max_life = 10h 0m 0s
+ max_renewable_life = 7d 0h 0m 0s
+ default_principal_flags = +preauth
+ pwcheck_plugin = /usr/lib/kadmind/passwd_strength.so
+ dict_file = /usr/lib/kadmind/dictionary
+ }
+
+dict_file is a prefix for the CrackLib dictionary files. You can generate
+those files using the utilities in cracklib-runtime.
+
+You will need to have any policy apply to the principal in order for this
+module to be enforced, as a result of how kadmin works (if there is no
+policy applying either by default or to the principal, password quality is
+not checked).
+
+ -- Russ Allbery <rra@debian.org>, Fri, 23 Mar 2007 15:23:43 z
--- /dev/null
+krb5-strength (0.5-1) unstable; urgency=low
+
+ * New upstream release.
+ - More checks for passwords based on the principal.
+
+ -- Russ Allbery <rra@debian.org> Wed, 18 Jul 2007 23:16:37 -0700
+
+krb5-strength (0.3-1) unstable; urgency=low
+
+ * New upstream release with a different name.
+ - Many cleanups to the code and build system.
+ - Unnecessary differences from CrackLib removed.
+ - Some Debian CrackLib patches applied for robustness.
+ * Updated README.Debian with a better example kdc.conf entry.
+ * No longer install the packer binary. We can use the one from
+ cracklib-runtime.
+
+ -- Russ Allbery <rra@debian.org> Fri, 23 Mar 2007 15:27:50 -0700
+
+krb5-passwd-strength (0.2-1) unstable; urgency=low
+
+ * Initial release.
+
+ -- Russ Allbery <rra@debian.org> Thu, 22 Jun 2006 15:07:03 -0700
+
--- /dev/null
+Source: krb5-strength
+Section: net
+Priority: extra
+Maintainer: Russ Allbery <rra@debian.org>
+Build-Depends: debhelper (>= 4)
+Standards-Version: 3.7.2
+
+Package: krb5-strength
+Architecture: any
+Depends: ${shlibs:Depends}
+Recommends: krb5-admin-server
+Description: MIT Kerberos KDC plugin for password strength checking
+ This plugin checks passwords set via kadmin either through new account
+ creation or password changes. It rejects passwords that fit common
+ patterns and then uses an embedded version of CrackLib to reject
+ passwords based on dictionary words. No dictionary is shipped with this
+ package; a dictionary package must be installed separately.
--- /dev/null
+Debianized by Russ Allbery <rra@debian.org> 2006-06-22
+
+The source was provided by Sine Nomine and is not currently publicly
+available, although will be in the future.
+
+Upstream authors:
+
+ Derrick Brashear <shadow@dementia.org>, based on previous work done
+ by Booker Bense <bbense@stanford.edu>. It contains code from CrackLib
+ by Alec Muffett, but which has since somewhat diverged.
+
+Debian packaging copyright:
+
+ Copyright 2006 Board of Trustees, Leland Stanford Jr. University. All
+ rights reserved.
+
+ Permission to use, copy, modify, and distribute this software and its
+ documentation for any purpose and without fee is hereby granted,
+ provided that the above copyright notice appear in all copies and that
+ both that copyright notice and this permission notice appear in
+ supporting documentation, and that the name of Stanford University not
+ be used in advertising or publicity pertaining to distribution of the
+ software without specific, written prior permission. Stanford
+ University makes no representations about the suitability of this
+ software for any purpose. It is provided "as is" without express or
+ implied warranty.
+
+ THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
+ WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+Copyright:
+
+ Copyright 1992, 1994, 1996, 1999, 2003, 2004, 2005, 2006 Board of
+ Trustees, Leland Stanford Jr. University. All rights reserved.
+
+ Permission to use, copy, modify, and distribute this software and its
+ documentation for any purpose and without fee is hereby granted,
+ provided that the above copyright notice appear in all copies and that
+ both that copyright notice and this permission notice appear in
+ supporting documentation, and that the name of Stanford University not
+ be used in advertising or publicity pertaining to distribution of the
+ software without specific, written prior permission. Stanford
+ University makes no representations about the suitability of this
+ software for any purpose. It is provided "as is" without express or
+ implied warranty.
+
+ THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
+ WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+CrackLib is:
+
+ Copyright 1993 Alec Muffett
+
+ The author disclaims all responsibility or liability with respect to
+ it's usage or its effect upon hardware or computer systems, and
+ maintains copyright as set out in the "LICENCE" document which
+ accompanies distributions of Crack v4.0 and upwards.
+
+CrackLib is licensed under the Artistic License, which may be found on
+Debian systems in /usr/share/common-licenses/Artistic.
--- /dev/null
+#!/usr/bin/make -f
+# Based on sample debian/rules that uses debhelper.
+# GNU copyright 1997 by Joey Hess.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+TMP = $(CURDIR)/debian/krb5-strength
+
+CFLAGS=-g -Wall
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CCOPTS += -O0
+else
+ CCOPTS += -O2
+endif
+
+# Tell Autoconf the correct system types.
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+ SYSTEM = --build $(DEB_HOST_GNU_TYPE)
+else
+ SYSTEM = --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
+endif
+
+configure-stamp:
+ dh_testdir
+ ./configure CFLAGS="$(CFLAGS)" --prefix=/usr $(SYSTEM)
+ touch configure-stamp
+
+build: build-arch build-indep
+build-arch: configure-stamp build-stamp
+build-indep:
+build-stamp:
+ dh_testdir
+ $(MAKE)
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f configure-stamp build-stamp
+ [ ! -f Makefile ] || $(MAKE) distclean
+ dh_clean
+
+install:
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ $(MAKE) install DESTDIR=$(TMP)
+ rm -f $(TMP)/usr/lib/kadmind/passwd_strength.la
+
+binary: binary-arch binary-indep
+binary-indep:
+binary-arch: install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs NEWS
+ dh_installdocs README TODO
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+.PHONY: binary binary-arch binary-indep build build-arch build-indep
+.PHONY: install