< DocKnot 3.04 | Russ Allbery > Eagle's Path > May 2020 |
krb5-strength provides password strength checking for Kerberos KDCs (either MIT or Heimdal), and also provides a password history implementation for Heimdal.
This release adds a check-only mode to the heimdal-history
command
to interrogate history without modifying it and increases the default hash
iterations used when storing old passwords. explicit_bzero
is now
used, where available, to clear the memory used for passwords after
processing. krb5-strength can now optionally be built without CrackLib
support at all, if you only want to use the word list, edit distance, or
length and character class rules.
It's been a few years since the previous release, so this release also updates all the portability code, overhauls valgrind testing, and now passes tests when built with system CrackLib (by skipping tests for passwords that are rejected by the stronger rules of the embedded CrackLib fork).
You can get the latest release from the krb5-strength distribution page. New packages will be uploaded to Debian unstable shortly (as soon as a Perl transition completes enough to make the package buildable in unstable).
Posted: 2020-05-17 10:43 — Why no comments?
< DocKnot 3.04 | Russ Allbery > Eagle's Path > May 2020 |