[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Additions to krb5.conf man page

Password quality information. Also, verify_krb5_conf doesn't know about
all the password quality options:

  verify_krb5_conf: /password_quality/min_classes: unknown or wrong type
  verify_krb5_conf: /password_quality/min_length: unknown or wrong type

| Jim Hranicky, Senior SysAdmin                   UF/CISE Department |
| E314D CSE Building                            Phone (352) 392-1499 |
| jfh@cise.ufl.edu                      http://www.cise.ufl.edu/~jfh |
--- lib/krb5/krb5.conf.5.orig   Wed Jun 22 16:44:15 2005
+++ lib/krb5/krb5.conf.5        Wed Jun 22 17:02:17 2005
@@ -426,7 +426,7 @@
 is the dn that will be appended to the principal when creating entries.
 Default value is the search dn.
-.It Li [kadmin]
+.It Li [kadmin] *******
 .Bl -tag -width "xxx" -offset indent
 .It Li require-preauth = Va BOOL
 If pre-authentication is required to talk to the kadmin server.
@@ -462,7 +462,24 @@
 and is only left for backwards compatibility.
+.It Li [password-quality]
+.Bl -tag -width "xxx" -offset indent
+.It Li check_library = Va library-name
+Library name that contains the password check_function
+.It Li check_function = Va function-name
+Function name for checking passwords in check_library
+.It Li policy_libraries = Va library1 ... libraryN
+List of libraries that can do password policy checks
+.It Li policies = Va policy1 ... policyN
+List of policy names to apply to the password. Builtin policies are 
+minimum-length, character-class (upper,lower, digits, others), external-check 
+  (an external program that reads from stdin 
+    principal: princ_name
+    new-password: newpass
+    end
+  )
 points to the configuration file to read.