[38808] in Kerberos

Re: cpw ignoring password policies

daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Aug 12 11:55:03 2020

To: Dario García Díaz-Miguel <dgdiaz@gmv.com>,
        "kerberos@mit.edu" <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <1987bf83-6210-1367-fb6b-96f4d0e873a1@mit.edu>
Date: Wed, 12 Aug 2020 11:52:10 -0400
In-Reply-To: <f30541d8bef947548a8a746464a9f022@gmv.com>

On 8/12/20 5:39 AM, Dario García Díaz-Miguel wrote:
> kadmin -k -t $KEYTABLOCATION -p $SERVICEPRINCIPAL -q "cpw $PRINCIPAL -pw $PASSWORD"
> 
> What we found is that this command ignores the password policy assigned to the principal, including all the complexity rules and history options. No matter if the command is launched in a kadmin console interactive mode, policies are totally ignored.
> 
> If we use:
> 
> kpasswd $PRINCIPAL

That's unexpected, and it's not the behavior I see in a test environment:

$ kadmin.local addpol -minlength 6 testpol
$ kadmin.local modprinc -policy testpol user
$ kadmin -k -p user/admin cpw -pw pw user
change_password: Password is too short while changing password for
"user@KRBTEST.COM".
$ kadmin.local cpw -pw pw user
change_password: Password is too short while changing password for
"user@KRBTEST.COM".

What software and version is running on the kadmin server?
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos