krb5-strength - Password strength checking for Kerberos KDCs

Distribution: Debian 8 (Jessie)
Repository: Debian Main amd64
Package name: krb5-strength
Package version: 3.0
Package release: 1
Package architecture: amd64
Package type: deb
Installed size: 149 B
Download size: 62.24 KB
Official Mirror:
krb5-strength provides a password quality plugin for the MIT Kerberos KDC (specifically the kadmind server), an external password quality program for use with Heimdal, and a per-principal password history implementation for Heimdal. Passwords can be tested with CrackLib, checked against a CDB or SQLite database of known weak passwords with some transformations, checked for length, checked for non-printable or non-ASCII characters that may be difficult to enter reproducibly, required to contain particular character classes, or any combination of these tests. No dictionary is shipped with this package. A CrackLib dictionary can be created with the tools in cracklib-runtime, a CDB or SQLite database can be created from a password list (obtained separately) using the tools included in this package, or both. The recommended packages are needed to generate CDB or SQLite databases and for the password history implementation for Heimdal.



    Source package: krb5-strength

    Install Howto

    1. Update the package index:
      # sudo apt-get update
    2. Install krb5-strength deb package:
      # sudo apt-get install krb5-strength


    • /usr/bin/heimdal-history
    • /usr/bin/heimdal-strength
    • /usr/bin/krb5-strength-wordlist
    • /usr/lib/x86_64-linux-gnu/krb5/plugins/pwqual/
    • /usr/share/doc/krb5-strength/README.gz
    • /usr/share/doc/krb5-strength/TODO
    • /usr/share/doc/krb5-strength/changelog.Debian.gz
    • /usr/share/doc/krb5-strength/changelog.gz
    • /usr/share/doc/krb5-strength/copyright
    • /usr/share/man/man1/heimdal-history.1.gz
    • /usr/share/man/man1/heimdal-strength.1.gz
    • /usr/share/man/man1/krb5-strength-wordlist.1.gz


    2014-03-26 - Russ Allbery <> krb5-strength (3.0-1) unstable; urgency=medium * New upstream release. - SQLite password dictionaries are now supported and can be used to reject passwords within edit distance one of any dictionary word. - cdbmake-wordlist has been renamed to krb5-strength-wordlist and can also generate SQLite databases compatible with this plugin and Heimdal quality check program. - heimdal-history, a password history implementation for Heimdal, has been added and can be stacked with heimdal-strength to check both history and password strength. - New configuration option, minimum_different, which sets the minimum number of different characters required in a password. * Add the upstream signing key to debian/upstream/signing-key.asc and configure uscan to do signature validation. Configure uscan to download the xz tarball instead of the gz tarball. * Create a _history user and group and a /var/lib/heimdal-history directory on package installation for the use of heimdal-history, remove the user and the standard database on purge, and remove the directory if empty on package purge or removal.

    2013-12-16 - Russ Allbery <> krb5-strength (2.2-1) unstable; urgency=low * New upstream release. - Support for more complex length-sensitive character class restrictions using the new require_classes configuration setting. - cdbmake-wordlist now supports filtering out words based on maximum length and user-supplied regular expressions, and supports running in filter mode to generate a new word list. * Update to standards version 3.9.5 (no changes required).

    2013-10-10 - Russ Allbery <> krb5-strength (2.1-1) unstable; urgency=low * New upstream release. - Improve some of the password rejection error messages.