Heimdal and cracklib
Hi,
I'm looking to incorporate password quality control in my Heimdal KDC
using cracklib. I found the following in the Heimdal manuals:
[password_quality]
check_library = library
check_function = function
The function function in the shared library library will
be called for proposed new passwords. The function
should be declared as:
const char * function(krb5_context context,
krb5_principal principal, krb5_data *pwd);
The function should verify that pwd is a good password
for principal and if so return NULL. If it is deemed to
be of low quality, it should return a string explaining
why that password should not be used.
Code for a password quality checking function that uses
the cracklib library can be found in
kpasswd/sample_password_check.c in the source code
distribution. It requires the cracklib library built
with the patch available at
<ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch>
Now I'm wondering if the code mentioned in the Heimdal docs incorporated
and does Debian cracklib2 have the proper patch? If so, what do I need
to put in my krb5.conf entry to make it work?
/Anton
--
I've got "rm -rf" and I'm not afraid to use it
Reply to: