[Bug 1465] New: MIT Kerberos Password Checking

blfs-bugs at linuxfromscratch.org blfs-bugs at linuxfromscratch.org
Tue Jul 26 08:31:08 PDT 2005


           Summary: MIT Kerberos Password Checking
           Product: Beyond LinuxFromScratch
           Version: SVN
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: BOOK
        AssignedTo: blfs-book at linuxfromscratch.org
        ReportedBy: randy at linuxfromscratch.org
         QAContact: blfs-book at linuxfromscratch.org

The MIT Kerberos package has code which will use a dictionary file
to check for strong passwords.

I suggest that the MIT Kerberos instructions add an "Additional Download"
section to download the CrackLib dictionary

download: http://prdownloads.sourceforge.net/cracklib/cracklib-words.gz
MD5 sum:  d18e670e5df560a8745e1b4dede8f84f
Size:     4.4 MB

and install it using the CrackLib instructions

install -v -m644 -D ../cracklib-words.gz \
    /usr/share/dict/cracklib-words.gz &&
gunzip -v /usr/share/dict/cracklib-words.gz &&
ln -v -s cracklib-words /usr/share/dict/words

then provide instructions in the configuration section to create
a kdc.conf file and add the dict_file flag to the file.

This would then install MIT Kerberos using strong password checking 
as the default. Unfortunately, I cannot find a way to use an additional
file (similar to the CrackLib cracklib-extra-words file) to use 
additional, site-specific words.

Perhaps a mention to add these site-specific extra words to the 
CrackLib dictionary would suffice.

Exectuve Summary of this bug:

If a site is worried (smart enough) to use a Kerberos authentication
system to provide strong and encrypted authentication, but does not
force users to use strong passwords, the security of the system is
drastically reduced, and can easily be compromised.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
You are the QA contact for the bug, or are watching the QA contact.

More information about the blfs-book mailing list