Next: Data Structures
Up: Kerberos Administration System KADM5
Previous: Versions of the API
Contents
The Admin API Password Quality mechanism provides the following
controls. Note that two strings are defined to be ``significantly
different'' if they differ by at least one character. The compare is not
case sensitive.
- A minimum length can be required; a password with
fewer than the specified number of characters will not be accepted.
- A minimum number of character classes can be required; a
password that does not contain at least one character from at least
the specified number of character classes will not be accepted. The
character classes are defined by islower(), isupper(), isdigit(),
ispunct(), and other.
- Passwords can be required to be different from
previous passwords; a password that generates the same encryption key
as any of the principal's specified previous number of passwords will
not be accepted. This comparison is performed on the encryption keys
generated from the passwords, not on the passwords themselves.
- A single ``forbidden password'' dictionary can be specified for all
users; a password that is not significantly different from every word
in the dictionary will not be accepted.
Next: Data Structures
Up: Kerberos Administration System KADM5
Previous: Versions of the API
Contents
Autobuild
2009-09-05