http://blfs-bugs.linuxfromscratch.org/show_bug.cgi?id=1465
Summary: MIT Kerberos Password Checking
Product: Beyond LinuxFromScratch
Version: SVN
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: BOOK
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
QAContact: [email protected]
The MIT Kerberos package has code which will use a dictionary file
to check for strong passwords.
I suggest that the MIT Kerberos instructions add an "Additional Download"
section to download the CrackLib dictionary
download: http://prdownloads.sourceforge.net/cracklib/cracklib-words.gz
MD5 sum: d18e670e5df560a8745e1b4dede8f84f
Size: 4.4 MB
and install it using the CrackLib instructions
install -v -m644 -D ../cracklib-words.gz \
/usr/share/dict/cracklib-words.gz &&
gunzip -v /usr/share/dict/cracklib-words.gz &&
ln -v -s cracklib-words /usr/share/dict/words
then provide instructions in the configuration section to create
a kdc.conf file and add the dict_file flag to the file.
This would then install MIT Kerberos using strong password checking
as the default. Unfortunately, I cannot find a way to use an additional
file (similar to the CrackLib cracklib-extra-words file) to use
additional, site-specific words.
Perhaps a mention to add these site-specific extra words to the
CrackLib dictionary would suffice.
Exectuve Summary of this bug:
If a site is worried (smart enough) to use a Kerberos authentication
system to provide strong and encrypted authentication, but does not
force users to use strong passwords, the security of the system is
drastically reduced, and can easily be compromised.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
You are the QA contact for the bug, or are watching the QA contact.
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
