- Many cleanups to the code and build system.
- Unnecessary differences from CrackLib removed.
- Some Debian CrackLib patches applied for robustness.
* Updated README.Debian with a better example kdc.conf entry.
* No longer install the packer binary. We can use the one from
cracklib-runtime.
[realms]
EXAMPLE.ORG = {
- database_name = /usr/local/var/krb5kdc/principal
- admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab
- acl_file = /usr/local/var/krb5kdc/kadm5.acl
- key_stash_file = /usr/local/var/krb5kdc/stash
+ database_name = /var/lib/krb5kdc/principal
+ admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
+ acl_file = /etc/krb5kdc/kadm5.acl
+ key_stash_file = /etc/krb5kdc/stash
kdc_ports = 750,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
default_principal_flags = +preauth
- pwcheck_plugin = /usr/local/var/krb5kdc/kadmin_plugin.so
- dict_file = /usr/local/var/krb5kdc/dict
+ pwcheck_plugin = /usr/lib/kadmind/passwd_strength.so
+ dict_file = /usr/lib/kadmind/dictionary
}
-dict_file is a prefix for cracklib dicts you have now, e.g.
-/usr/local/var/krb5kdc/dict.pwd, .pwi, etc.
+dict_file is a prefix for the CrackLib dictionary files. You can generate
+those files using the utilities in cracklib-runtime.
You will need to have any policy apply to the principal in order for this
module to be enforced, as a result of how kadmin works (if there is no
policy applying either by default or to the principal, password quality is
not checked).
- -- Russ Allbery <rra@debian.org>, Sat, 24 Jun 2006 18:31:34 z
+ -- Russ Allbery <rra@debian.org>, Fri, 23 Mar 2007 15:23:43 z
+krb5-strength (0.3-1) unstable; urgency=low
+
+ * New upstream release with a different name.
+ - Many cleanups to the code and build system.
+ - Unnecessary differences from CrackLib removed.
+ - Some Debian CrackLib patches applied for robustness.
+ * Updated README.Debian with a better example kdc.conf entry.
+ * No longer install the packer binary. We can use the one from
+ cracklib-runtime.
+
+ -- Russ Allbery <rra@debian.org> Fri, 23 Mar 2007 15:27:50 -0700
+
krb5-passwd-strength (0.2-1) unstable; urgency=low
* Initial release.
-Source: krb5-passwd-strength
+Source: krb5-strength
Section: net
Priority: extra
Maintainer: Russ Allbery <rra@debian.org>
Build-Depends: debhelper (>= 4)
Standards-Version: 3.7.2
-Package: krb5-passwd-strength
+Package: krb5-strength
Architecture: any
Depends: ${shlibs:Depends}
Recommends: krb5-admin-server
Description: MIT Kerberos KDC plugin for password strength checking
This plugin checks passwords set via kadmin either through new account
creation or password changes. It rejects passwords that fit common
- patterns and then uses an embedded version of cracklib to reject
+ patterns and then uses an embedded version of CrackLib to reject
passwords based on dictionary words. No dictionary is shipped with this
package; a dictionary package must be installed separately.
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
-TMP = $(CURDIR)/debian/krb5-passwd-strength
+TMP = $(CURDIR)/debian/krb5-strength
CFLAGS=-g -Wall
ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
configure-stamp:
dh_testdir
- touch aclocal.m4 configure config.h.in Makefile.in src/Makefile.in
- CFLAGS="$(CFLAGS)" ./configure --prefix=/usr \
- --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \
- $(SYSTEM)
+ ./configure CFLAGS="$(CFLAGS)" --prefix=/usr $(SYSTEM)
touch configure-stamp
build: build-arch build-indep
dh_testdir
dh_testroot
dh_clean -k
- install -d $(TMP)/usr/lib/kadmind
- install src/.libs/kadmin_plugin.so \
- $(TMP)/usr/lib/kadmind/passwd_strength.so
- install -d $(TMP)/usr/bin
- install src/packer $(TMP)/usr/bin/packer
+ $(MAKE) install DESTDIR=$(TMP)
+ rm -f $(TMP)/usr/lib/kadmind/passwd_strength.la
binary: binary-arch binary-indep
binary-indep:
binary-arch: install
dh_testdir
dh_testroot
- dh_installchangelogs
- dh_installdocs
+ dh_installchangelogs NEWS
+ dh_installdocs README TODO
dh_link
dh_strip
dh_compress