[31483] in Kerberos


Re: addprinc -randkey broken in 1.7?

daemon@ATHENA.MIT.EDU (Russ Allbery)
Thu Sep 17 00:13:31 2009

From: Russ Allbery <rra@stanford.edu>
To: Greg Hudson <ghudson@mit.edu>
In-Reply-To: <1253158152.9347.37.camel@ray> (Greg Hudson's message of "Wed, 16
	Sep 2009 23:29:12 -0400")
Date: Wed, 16 Sep 2009 21:13:00 -0700
Message-ID: <874or2w6nn.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: "Leonard J. Peirce" <leonard.peirce@gmail.com>,
   "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Greg Hudson <ghudson@MIT.EDU> writes:

> Here's the history of the temporary password used for addprinc -randkey:

>   * Through krb5 1.1, it was "dummy", which would fail any password
> policy requiring multiple character classes or more than five
> characters.  This might explain Russ's experiences.

>   * In r9210 (October 1996), it was changed to a 255 byte string
> containing all possible nonzero byte values, which would pass any policy
> with a reasonable minimum length.  I believe this change first hit the
> field in krb5 1.2.

Ah, sorry, my experience is better explained by the fact that we patch the
KDC to apply cracklib checks on a password policy, and cracklib fails this
password.  Sorry about the confusion.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
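
An added example, not part of the original messages or of the krb5 source: a minimal length and character-class policy check applied to the two temporary passwords Greg Hudson describes. The function names, the five-class split, the sample policy values and the byte ordering of the 255-byte string are assumptions made for illustration; cracklib is not modeled.

```python
import string

# Constructed stand-ins for the two temporary passwords described in the thread.
OLD_TEMP = b"dummy"               # temporary password through krb5 1.1
NEW_TEMP = bytes(range(1, 256))   # all nonzero byte values; this ordering is an assumption


def char_classes(pw: bytes) -> set:
    """Return the character classes present in pw, using ASCII (C locale) rules."""
    classes = set()
    for b in pw:
        c = chr(b)
        if c in string.ascii_lowercase:
            classes.add("lower")
        elif c in string.ascii_uppercase:
            classes.add("upper")
        elif c in string.digits:
            classes.add("digit")
        elif c in string.punctuation:
            classes.add("punct")
        else:
            # Control characters, space, and bytes >= 0x80 land here.
            classes.add("other")
    return classes


def check_policy(pw: bytes, min_length: int, min_classes: int) -> list:
    """Return the list of violated rules; an empty list means the password passes."""
    violations = []
    if len(pw) < min_length:
        violations.append("length")
    if len(char_classes(pw)) < min_classes:
        violations.append("classes")
    return violations


if __name__ == "__main__":
    # Hypothetical policies chosen to match the two failure cases in the thread.
    for name, pw in (("dummy", OLD_TEMP), ("all-bytes", NEW_TEMP)):
        print(name, "minlength=6 ->", check_policy(pw, 6, 1) or "pass")
        print(name, "minclasses=2 ->", check_policy(pw, 1, 2) or "pass")
```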