krb5-strength 3.1

krb5-strength provides password strength checking plugins and programs for MIT Kerberos and Heimdal, and a password history implementation for Heimdal. This is the first new upstream release since I left Stanford, since I don't personally use the package any more. But it's easy enough to maintain, and it was overdue for merging some contributed patches.

This release adds a new configuration directive, cracklib_maxlen, which can be used to not run longer passwords through CrackLib (whose concepts of password strength were not designed for longer passwords and which can spuriously reject passphrases). It also allows require_classes to require a certain number of character classes in a password, not just specific classes. There are also a variety of portability and cleanup fixes. Thanks to Jorj Bauer, Toby Blake, and Bernt Jernberg for their contributions.

I've merged into the embedded CrackLib all the relevant security patches that have come out, although none of them turned out to be relevant for this package due to how CrackLib was called. I also applied a patch from Mark Sirota to fix mkdict and packer to force C locale, which keeps them from creating corrupted dictionaries.

Finally, configuration instructions for the plugin are now installed as a new krb5-strength man page, and configuration instructions are included in the heimdal-history and heimdal-strength man pages, instead of just being in the README file. This makes them more accessible after the package is installed.

You can get the latest version from the krb5-strength distribution page.