-
Notifications
You must be signed in to change notification settings - Fork 1
MIT krb5 pwqual plugin using cracklib to check password quality
License
ensc/krb5-cracklib
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Requirements
============
* MIT Kerberos 1.9+ with pwqual plugin interface
* cracklib; (optionally) version 2.9+ which provides FascistCheckUser()
Installation
============
1. call 'make' with proper libdir and libexecdir settings; libdir
must either match this of krb5 installation (e.g. plugins are at
${libdir}/krtb5/plugins), or there must be used an absolute path
to the cracklib plugin later.
It can me necessary to add '-I/usr/include/et' to CFLAGS because
krb5 expects <com_err.h> to be in include path which is not the
case e.g. in RHEL6
2. install it with 'make install' by using same flags as above; you
can specify DESTDIR to copy files into a snapshot directory. As a
result, two new files
/usr/lib64/krb5/plugins/pwqual/cracklib.so
/usr/libexec/krb5-checkpass
are created
3. load module by adding
--------------
[plugins]
pwqual = {
module = cracklib:pwqual/cracklib.so
}
--------------
to /etc/krb5.conf of the kadmin server and restart this server.
4. test it by trying to set a simple password. 'kadmin.local' and kdc
logfile will contain the full error message:
# kadmin.local -q 'cpw test'
Enter password for principal "test...": abcABC123.
change_password: it is too simplistic/systematic while changing password...
Remote clients ('kpasswd', 'kadmin') will see only a generic
error message and logfile must be checked for the exact reason:
$ kpasswd test
Enter new password: abcABC123.
Password change rejected: Password not changed.
Unspecified password quality failure while trying to change password.
About
MIT krb5 pwqual plugin using cracklib to check password quality
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published