oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kadmin: allow enforcing password quality on admin password change

Browse Source 
This patch adds the "enforce_on_admin_set" configuration knob in the
[password_quality] section. When this is enabled, administrative password
changes via the kadmin or kpasswd protocols will be subject to password quality
checks. (An administrative password change is one where the authenticating
principal is different to the principal whose password is being changed.)

Note that kadmin running in local mode (-l) is unaffected by this patch.
This commit is contained in:
Luke Howard
2018-12-24 15:28:32 +11:00
parent 6ce1aa84c5
commit c89d3f3b8c
6 changed files with 103 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/krb5/verify_krb5_conf.c
View File

@@ -633,6 +633,7 @@ struct entry kcm_entries[] = {
};
struct entry password_quality_entries[] = {
{ "enforce_on_admin_set", krb5_config_string, check_boolean, 0 },
{ "check_function", krb5_config_string, NULL, 0 },
{ "check_library", krb5_config_string, NULL, 0 },
{ "external_program", krb5_config_string, NULL, 0 },