> On 30 Jun 2016, at 01:52, Russ Allbery <ea...@eyrie.org> wrote:
> "Henry B (Hank) Hotz, CISSP" <hbh...@oxy.edu> writes:
>> Ah! Then it’s a question for Russ Allbery or Alf Wachsmann. you need
>> their email addresses?
> I don't think SLAC was using krb5-strength.  (Although maybe now would be
> a good time to take a look at it?  It was working with the version of
> Heimdal Stanford main campus was using when I left, at least.)
> Note that the CrackLib code in there is suspect; I really need to
> incorporate changes from the revived CrackLib upstream.  Stanford main
> campus switched to using the SQLite-based dictionary and edit distance
> one check.

Hi Russ, when you say "the CrackLib code in there is suspect", do you mean
in the current krb5-strength?  If so, can you provide details?  Suspect, to
the extent that it should not be used?  Should it be built against a newer
cracklib?  Note that we're using it with MIT kerberos, so hopefully this
isn't off-topic for this list.

Toby Blake
School of Informatics
University of Edinburgh

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

Reply via email to