Opened 17 years ago

Closed 16 years ago

Last modified 9 years ago

#1465 closed defect (fixed)

MIT Kerberos Password Checking

Reported by: Randy McMurchy Owned by: blfs-book@…
Priority: high Milestone:
Component: BOOK Version: SVN
Severity: normal Keywords:

Description (last modified by Randy McMurchy)

The MIT Kerberos package has code which will use a dictionary file to check for strong passwords.

I suggest that the MIT Kerberos instructions add an "Additional Download" section to download the CrackLib dictionary

download: MD5 sum: d18e670e5df560a8745e1b4dede8f84f Size: 4.4 MB

and install it using the CrackLib instructions

install -v -m644 -D ../cracklib-words.gz \

/usr/share/dict/cracklib-words.gz &&

gunzip -v /usr/share/dict/cracklib-words.gz && ln -v -s cracklib-words /usr/share/dict/words

then provide instructions in the configuration section to create a kdc.conf file and add the dict_file flag to the file.

This would then install MIT Kerberos using strong password checking as the default. Unfortunately, I cannot find a way to use an additional file (similar to the CrackLib cracklib-extra-words file) to use additional, site-specific words.

Perhaps a mention to add these site-specific extra words to the CrackLib dictionary would suffice.

Exectuve Summary of this bug:

If a site is worried (smart enough) to use a Kerberos authentication system to provide strong and encrypted authentication, but does not force users to use strong passwords, the security of the system is drastically reduced, and can easily be compromised.

Change History (2)

comment:1 by Randy McMurchy, 16 years ago

Description: modified (diff)
Resolution: fixed
Status: newclosed

Added information to the MIT Kerberos instructions that recommends installing a word dictionary and how to configure the installation to use it.

comment:2 by bdubbs@…, 9 years ago

Milestone: old

Milestone old deleted

Note: See TracTickets for help on using tickets.