dictionary password screening problem
Erich Weiler
weiler at soe.ucsc.edu
Tue Sep 12 19:08:59 EDT 2006
Hi All-
I'm having this weird issue that I'm hoping someone can shed some light
on. I've got a dictionary file of words I want to keep from being used
in passwords but I can't seem to get it to work. This is what's in my
kdc.conf file:
-----
[kdcdefaults]
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /var/kerberos/krb5kdc/kadm5.dict
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
v4_mode = nopreauth
[realms]
REALM.COM = {
#master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal
des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
des-cbc-crc:v4 des-cbc-crc:afs3
dict_file = /var/kerberos/krb5kdc/kadm5.dict
}
[logging]
kdc = FILE:/var/log/kdc.log
admin_server = FILE:/var/log/kadmin.log
-----
My kadm5.dict file is like 40MB big, but it's just a list of single
words, one on each line of the file, nothing special. I do have
policies in place, and they work fine, they just don't stop passwords
with dictionary words in them. For instance, 'horse78$' works, but the
'horse' part should make it reject, if I understand this correctly?
Can anyone maybe see something I'm missing?
Thanks in advance!
-erich
More information about the Kerberos
mailing list