krb5-strength - Password strength checking for Kerberos KDCs

Property Value
Distribution Debian 8 (Jessie)
Repository Debian Main amd64
Package name krb5-strength
Package version 3.0
Package release 1
Package architecture amd64
Package type deb
Installed size 149 B
Download size 62.24 KB
Official Mirror
krb5-strength provides a password quality plugin for the MIT Kerberos KDC
(specifically the kadmind server), an external password quality program
for use with Heimdal, and a per-principal password history implementation
for Heimdal.  Passwords can be tested with CrackLib, checked against a
CDB or SQLite database of known weak passwords with some transformations,
checked for length, checked for non-printable or non-ASCII characters
that may be difficult to enter reproducibly, required to contain
particular character classes, or any combination of these tests.
No dictionary is shipped with this package.  A CrackLib dictionary can be
created with the tools in cracklib-runtime, a CDB or SQLite database can
be created from a password list (obtained separately) using the tools
included in this package, or both.
The recommended packages are needed to generate CDB or SQLite databases
and for the password history implementation for Heimdal.


Package Version Architecture Repository
krb5-strength_3.0-1_i386.deb 3.0 i386 Debian Main
krb5-strength - - -


Name Value
adduser -
libc6 >= 2.14
libcdb1 -
libcrack2 >= 2.8.12
libkrb5-3 >= 1.10+dfsg~alpha1
libsqlite3-0 >= 3.5.9
multiarch-support -
perl -


Type URL
Binary Package krb5-strength_3.0-1_amd64.deb
Source Package krb5-strength

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install krb5-strength deb package:
    # sudo apt-get install krb5-strength




2014-03-26 - Russ Allbery <>
krb5-strength (3.0-1) unstable; urgency=medium
* New upstream release.
- SQLite password dictionaries are now supported and can be used to
reject passwords within edit distance one of any dictionary word.
- cdbmake-wordlist has been renamed to krb5-strength-wordlist and can
also generate SQLite databases compatible with this plugin and
Heimdal quality check program.
- heimdal-history, a password history implementation for Heimdal, has
been added and can be stacked with heimdal-strength to check both
history and password strength.
- New configuration option, minimum_different, which sets the minimum
number of different characters required in a password.
* Add the upstream signing key to debian/upstream/signing-key.asc and
configure uscan to do signature validation.  Configure uscan to
download the xz tarball instead of the gz tarball.
* Create a _history user and group and a /var/lib/heimdal-history
directory on package installation for the use of heimdal-history,
remove the user and the standard database on purge, and remove the
directory if empty on package purge or removal.
2013-12-16 - Russ Allbery <>
krb5-strength (2.2-1) unstable; urgency=low
* New upstream release.
- Support for more complex length-sensitive character class
restrictions using the new require_classes configuration setting.
- cdbmake-wordlist now supports filtering out words based on maximum
length and user-supplied regular expressions, and supports running
in filter mode to generate a new word list.
* Update to standards version 3.9.5 (no changes required).
2013-10-10 - Russ Allbery <>
krb5-strength (2.1-1) unstable; urgency=low
* New upstream release.
- Improve some of the password rejection error messages.

See Also

Package Description
krb5-sync-plugin_3.0-4_amd64.deb MIT Kerberos Active Directory synchronization plugin
krb5-sync-tools_3.0-4_amd64.deb Kerberos Active Directory synchronization tools
krb5-user_1.12.1+dfsg-19+deb8u4_amd64.deb Basic programs to authenticate using MIT Kerberos
krdc_4.14.1-1_amd64.deb Remote Desktop Connection client
krecipes-data_2.0~beta2-3_all.deb recipes manager for KDE - data files
krecipes-doc_2.0~beta2-3_all.deb recipes manager for KDE - documentation
krecipes_2.0~beta2-3_amd64.deb recipes manager for KDE
kredentials_2.0~pre3-1.1_amd64.deb KDE taskbar applet to update kerberos/AFS credentials
kremotecontrol_4.14.2-1_amd64.deb frontend for using remote controls
krename_4.0.9-3+b1_amd64.deb powerful batch renamer for KDE
kreversi_4.13.1-1_amd64.deb reversi board game
krfb_4.14.2-1_amd64.deb Desktop Sharing utility
krita-data_2.8.5+dfsg-1_all.deb data files for Krita painting program
krita-gemini_2.8.5+dfsg-1+b2_amd64.deb fusion between Krita Sketch and Krita Desktop
krita-sketch_2.8.5+dfsg-1+b2_amd64.deb touch-friendly version of krita