1. Forum
  2. Usenet
  3. COMP.PROTOCOLS.KERBEROS

  • krb5-strength 3.3 released

    From Russ Allbery@21:1/5 to All on Mon Dec 25 19:53:39 2023
    I'm pleased to announce release 3.3 of krb5-strength.

    krb5-strength provides a password quality plugin for the MIT Kerberos KDC (specifically the kadmind server) and Heimdal KDC, an external password
    quality program for use with Heimdal, and a per-principal password history implementation for Heimdal. Passwords can be tested with CrackLib,
    checked against a CDB or SQLite database of known weak passwords with some transformations, checked for length, checked for non-printable or
    non-ASCII characters that may be difficult to enter reproducibly, required
    to contain particular character classes, or any combination of these
    tests.

    Changes from previous release:

    heimdal-history now requires the Perl modules Const::Fast and
    JSON::MaybeXS instead of Readonly and JSON.

    Increase hash iterations for heimdal-history by about 10% to maintain
    the time required for a password hash at about 0.1 seconds on not
    horribly modern hardware. This will affect newly-stored history
    entries but will not invalidate existing password history entries.

    Explicitly erase the copy of the password made in the Heimdal plugin
    before freeing memory.

    Add a spec file for building RPMs, contributed by Daria Phoebe
    Brashear.

    Update to rra-c-util 10.5:

    * Assume a working snprintf rather than supplying a replacement.
    * Fix detection of reallocarray on NetBSD.
    * Check that Kerberos header files were found during configure.
    * Use AS_ECHO in all Autoconf macros.
    * Always use lib32 or lib64 if it exists, even on Debian.
    * Fix rejection of unknown Clang warning flags.
    * Disable -Wreserved-identifier for Clang warning builds.

    You can download it from:

    <https://www.eyrie.org/~eagle/software/krb5-strength/>

    This package is maintained using Git; see the instructions on the above
    page to access the Git repository.

    Debian packages have been uploaded to Debian unstable.

    Please let me know of any problems or feature requests not already listed
    in the TODO file.

    --
    Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)