krb5-strength

Password strength checking for Kerberos KDCs

krb5-strength provides a password quality plugin for the MIT Kerberos KDC (specifically the kadmind server), an external password quality program for use with Heimdal, and a per-principal password history implementation for Heimdal. Passwords can be tested with CrackLib, checked against a CDB or SQLite database of known weak passwords with some transformations, checked for length, checked for non-printable or non-ASCII characters that may be difficult to enter reproducibly, required to contain particular character classes, or any combination of these tests. No dictionary is shipped with this package. A CrackLib dictionary can be created with the tools in cracklib-runtime, a CDB or SQLite database can be created from a password list (obtained separately) using the tools included in this package, or both. The recommended packages are needed to generate CDB or SQLite databases and for the password history implementation for Heimdal.