Hope Goering says:
> Are there any programs available that will sweep through a
> passwd file and a Kerberos database and attempt to crack
> users' passwords?
>
> There are programs available to do this just with /etc/passwd
> files, but I'm not familiar with anything that tries to
> crack Kerberos passwords.
>
> I am interested in this because I suspect that many of our
> users have very "crackable" passwords and we are trying to
> get a better handle on this.
To my knowledge, "crack" doesn't handle kerberos passwords, but could
easily be modified to do so. The absense of "salt" in the passwords a
la crypt(3) would likely make it run faster than a normal crack run. I
would suggest running the cracker directly on the kerberos server and
directly accessing the key database for maximum efficiency.
Perry
