> On 30 Jun 2016, at 01:52, Russ Allbery <ea...@eyrie.org> wrote:
> "Henry B (Hank) Hotz, CISSP" <hbh...@oxy.edu> writes:
>> Ah! Then it’s a question for Russ Allbery or Alf Wachsmann. you need
>> their email addresses?
> I don't think SLAC was using krb5-strength. (Although maybe now would be
> a good time to take a look at it? It was working with the version of
> Heimdal Stanford main campus was using when I left, at least.)
> Note that the CrackLib code in there is suspect; I really need to
> incorporate changes from the revived CrackLib upstream. Stanford main
> campus switched to using the SQLite-based dictionary and edit distance
> one check.
Hi Russ, when you say "the CrackLib code in there is suspect", do you mean
in the current krb5-strength? If so, can you provide details? Suspect, to
the extent that it should not be used? Should it be built against a newer
cracklib? Note that we're using it with MIT kerberos, so hopefully this
isn't off-topic for this list.
School of Informatics
University of Edinburgh
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.