[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Can't change password anymore (Password is in the passworddictionary... what dictionary??)
Hi Jay,
> I have these lines in my krb5.conf...
>
> [password_quality]
> policies = builtin:minimum-length builtin:character-class
> min_length = 10
> min_classes = 4
>
> and I even commented those..
> However, when I change my password via kadmin>, it
> always complains "Password is in the password
> dictionary".
The kadmin server (helpfully) converts all policy errors into
KADM5_PASS_Q_DICT that will result in that error strings, kpasswdd is
better in returning error strings.
I'll commit a change to make it at least log what the policy check failed,
but there is no place in the protocol to return an error string right now.
> I'm not sure what dictionary is it
> talking about.. I can't change any particular user's
> password unless entering kadmin in local mode where I
> can change any password and even bypass those
> password_quality(is this good or bad?) settings..
If you are a admin, or a run it in local mode, you are allowed to set
whatever password you want.
Love
PGP signature