I have no Windows source code to judge by, but just looking from the
outside I believe the error arises as follows. When the MIT-based
KDC returns the error code KADM5_PASS_Q_DICT (which it will only do
if your Kerberos admin has inserted a dictionary check, as there is
none by default), the MS password-changing client fishes in
uninitialized memory for some other possible parameters governing the
password selection: the length and history.
(This sheds no light on what it might do if you try a password with
too few character *classes*, which is yet another error code.)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
