Update some of the password rejection error messages

Refer to "list of common passwords" when rejecting passwords due
to presence in a CDB dictionary, and say that passwords based on
the principal are based on "username or principal" to be more
technically accurate.

diff --git a/NEWS b/NEWS
index e2916263cd1a01ea18eaef64299556350bc1830e..0c449f08a9ebaf38e0c3d85fb77bcce2abf2486e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,10 @@
                     User-Visible krb5-strength Changes
 
+krb5-strength 2.1 (unreleased)
+
+    Some of the password rejection error messages have been changed to
+    make them more accurate or comprehensible to the user.
+
 krb5-strength 2.0 (2013-10-07)
 
     Add support for the MIT Kerberos password quality plugin interface,

diff --git a/plugin/internal.h b/plugin/internal.h
index 1ae5f3f1f0a549c5d2ae07943c401db827f319aa..7872e80f8419c74d81a6c47656dd16911cc026ce 100644 (file)
--- a/plugin/internal.h
+++ b/plugin/internal.h
@@ -29,10 +29,10 @@ typedef struct krb5_pwqual_moddata_st *krb5_pwqual_moddata;
 
 /* Error strings returned (and displayed to the user) for various failures. */
 #define ERROR_ASCII    "password contains non-ASCII or control characters"
-#define ERROR_DICT     "password is based on a dictionary word"
+#define ERROR_DICT     "password found in list of common passwords"
 #define ERROR_LETTER   "password is only letters and spaces"
 #define ERROR_SHORT    "password is too short"
-#define ERROR_USERNAME "password based on username"
+#define ERROR_USERNAME "password based on username or principal"
 
 /*
  * MIT Kerberos uses this type as an abstract data type for any data that a

diff --git a/tests/data/passwords/cdb.json b/tests/data/passwords/cdb.json
index d84f5dfce9b239ed4f8a00c0d0c086b5d6364e6a..d00f88bb3a369b1ecf7509c2a676f1d358521323 100644 (file)
--- a/tests/data/passwords/cdb.json
+++ b/tests/data/passwords/cdb.json
@@ -10,49 +10,49 @@
         "principal": "test@EXAMPLE.ORG",
         "password": "password",
         "code": "KADM5_PASS_Q_DICT",
-        "error": "password is based on a dictionary word"
+        "error": "password found in list of common passwords"
     },
     {
         "name": "in dictionary (longer)",
         "principal": "test@EXAMPLE.ORG",
         "password": "bitterbane",
         "code": "KADM5_PASS_Q_DICT",
-        "error": "password is based on a dictionary word"
+        "error": "password found in list of common passwords"
     },
     {
         "name": "in dictionary (drop first)",
         "principal": "test@EXAMPLE.ORG",
         "password": "1bitterbane",
         "code": "KADM5_PASS_Q_DICT",
-        "error": "password is based on a dictionary word"
+        "error": "password found in list of common passwords"
     },
     {
         "name": "in dictionary (drop last)",
         "principal": "test@EXAMPLE.ORG",
         "password": "bitterbane1",
         "code": "KADM5_PASS_Q_DICT",
-        "error": "password is based on a dictionary word"
+        "error": "password found in list of common passwords"
     },
     {
         "name": "in dictionary (drop first two)",
         "principal": "test@EXAMPLE.ORG",
         "password": "abbitterbane",
         "code": "KADM5_PASS_Q_DICT",
-        "error": "password is based on a dictionary word"
+        "error": "password found in list of common passwords"
     },
     {
         "name": "in dictionary (drop last two)",
         "principal": "test@EXAMPLE.ORG",
         "password": "bitterbane12",
         "code": "KADM5_PASS_Q_DICT",
-        "error": "password is based on a dictionary word"
+        "error": "password found in list of common passwords"
     },
     {
         "name": "in dictionary (drop first and last)",
         "principal": "test@EXAMPLE.ORG",
         "password": "'bitterbane'",
         "code": "KADM5_PASS_Q_DICT",
-        "error": "password is based on a dictionary word"
+        "error": "password found in list of common passwords"
     },
     {
         "name": "dictionary with three characters",

diff --git a/tests/data/passwords/principal.json b/tests/data/passwords/principal.json
index c82ecf95b77dd937db5b68085f200c64b9dce6fb..3f970c4af7408bee7b84517ff03b0316258f21a9 100644 (file)
--- a/tests/data/passwords/principal.json
+++ b/tests/data/passwords/principal.json
@@ -4,83 +4,83 @@
         "principal": "someuser@EXAMPLE.ORG",
         "password": "someuser",
         "code": "KADM5_PASS_Q_GENERIC",
-        "error": "password based on username"
+        "error": "password based on username or principal"
     },
     {
         "name": "based on principal (reversed)",
         "principal": "someuser@EXAMPLE.ORG",
         "password": "resuemos",
         "code": "KADM5_PASS_Q_GENERIC",
-        "error": "password based on username"
+        "error": "password based on username or principal"
     },
     {
         "name": "based on principal with digits",
         "principal": "someuser@EXAMPLE.ORG",
         "password": "someuser123",
         "code": "KADM5_PASS_Q_GENERIC",
-        "error": "password based on username"
+        "error": "password based on username or principal"
     },
     {
         "name": "is full principal",
         "principal": "test@EXAMPLE.ORG",
         "password": "test@EXAMPLE.ORG",
         "code": "KADM5_PASS_Q_GENERIC",
-        "error": "password based on username"
+        "error": "password based on username or principal"
     },
     {
         "name": "principal with leading digits",
         "principal": "someuser@EXAMPLE.ORG",
         "password": "123someuser",
         "code": "KADM5_PASS_Q_GENERIC",
-        "error": "password based on username"
+        "error": "password based on username or principal"
     },
     {
         "name": "principal with leading and trailing digits",
         "principal": "someuser@EXAMPLE.ORG",
         "password": "1someuser2",
         "code": "KADM5_PASS_Q_GENERIC",
-        "error": "password based on username"
+        "error": "password based on username or principal"
     },
     {
         "name": "is realm (lowercase)",
         "principal": "someuser@NEWEXAMPLE.ORG",
         "password": "newexample",
         "code": "KADM5_PASS_Q_GENERIC",
-        "error": "password based on username"
+        "error": "password based on username or principal"
     },
     {
         "name": "is realm (lowercase) with digits",
         "principal": "someuser@NEWEXAMPLE.ORG",
         "password": "newexample123",
         "code": "KADM5_PASS_Q_GENERIC",
-        "error": "password based on username"
+        "error": "password based on username or principal"
     },
     {
         "name": "is realm (lowercase) with leading digits",
         "principal": "someuser@NEWEXAMPLE.ORG",
         "password": "123newexample",
         "code": "KADM5_PASS_Q_GENERIC",
-        "error": "password based on username"
+        "error": "password based on username or principal"
     },
     {
         "name": "is realm reversed",
         "principal": "someuser@NEWEXAMPLE.ORG",
         "password": "ELPMAXEWEN",
         "code": "KADM5_PASS_Q_GENERIC",
-        "error": "password based on username"
+        "error": "password based on username or principal"
     },
     {
         "name": "is second realm with digits",
         "principal": "someuser@NEWEXAMPLE.ORG",
         "password": "ORG1791520",
         "code": "KADM5_PASS_Q_GENERIC",
-        "error": "password based on username"
+        "error": "password based on username or principal"
     },
     {
         "name": "is whole realm (mixed case)",
         "principal": "someuser@NEWEXAMPLE.ORG",
         "password": "NewExample.Org",
         "code": "KADM5_PASS_Q_GENERIC",
-        "error": "password based on username"
+        "error": "password based on username or principal"
     }
 ]