[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Can't change password anymore (Password is in the passworddictionary... what dictionary??)

Hi Jay,

> I have these lines in my krb5.conf...
> [password_quality]
>        policies = builtin:minimum-length builtin:character-class
>        min_length = 10
>        min_classes = 4
> and I even commented those..
> However, when I change my password via kadmin>, it
> always complains "Password is in the password
> dictionary".

The kadmin server (helpfully) converts all policy errors into
KADM5_PASS_Q_DICT that will result in that error strings, kpasswdd is
better in returning error strings.

I'll commit a change to make it at least log what the policy check failed,
but there is no place in the protocol to return an error string right now.

> I'm not sure what dictionary is it
> talking about.. I can't change any particular user's
> password unless entering kadmin in local mode where I
> can change any password and even bypass those
> password_quality(is this good or bad?) settings..

If you are a admin, or a run it in local mode, you are allowed to set
whatever password you want.


PGP signature