Cannot get [password_quality] to work with 7.5.0 on Debian buster

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Cannot get [password_quality] to work with 7.5.0 on Debian buster

Adam Lewenberg
I have a newly-built Debian buster server. I have installed the heimdal
packages that are available in the buster distribution (currently, these
all have version number 7.5.0+dfsg-2).

I have this in /etc/krb5.conf:

[password_quality]
     policies           = minimum-length
     min_length         = 10

When I change the password for a user to one that is one-character long,
kadmin lets me. Here is the command:

% kadmin -p joeuser passwd -p A janeuser
[hidden email]'s Password:
% (no error shown)

How do I configure it so that heimdal respects the [password_quality]
stanza?

Adam Lewenberg








Reply | Threaded
Open this post in threaded view
|

Re: Cannot get [password_quality] to work with 7.5.0 on Debian buster

Russ Allbery-2
Adam Lewenberg <[hidden email]> writes:

> I have a newly-built Debian buster server. I have installed the heimdal
> packages that are available in the buster distribution (currently, these
> all have version number 7.5.0+dfsg-2).

> I have this in /etc/krb5.conf:

> [password_quality]
>     policies           = minimum-length
>     min_length         = 10

> When I change the password for a user to one that is one-character long,
> kadmin lets me. Here is the command:

> % kadmin -p joeuser passwd -p A janeuser
> [hidden email]'s Password:
> % (no error shown)

> How do I configure it so that heimdal respects the [password_quality]
> stanza?

Password changes by administrators bypass all password quality checks on
Heimdal without https://github.com/heimdal/heimdal/pull/320, which was
applied locally to Stanford's build of Heimdal.

--
Russ Allbery ([hidden email])              <http://www.eyrie.org/~eagle/>