Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

You are in a maze of little twisting passages, all alike.

devel / comp.protocols.kerberos / krb5-strength 3.3 released

SubjectAuthor
o krb5-strength 3.3 releasedRuss Allbery

1
krb5-strength 3.3 released

<mailman.0.1703612370.2322.kerberos@mit.edu>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=451&group=comp.protocols.kerberos#451

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: eagle@eyrie.org (Russ Allbery)
Newsgroups: comp.protocols.kerberos
Subject: krb5-strength 3.3 released
Date: Mon, 25 Dec 2023 19:53:39 -0800
Organization: The Eyrie
Lines: 52
Message-ID: <mailman.0.1703612370.2322.kerberos@mit.edu>
References: <87cyutpqkc.fsf@hope.eyrie.org>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="5043"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Gnus/5.13 (Gnus v5.13)
To: <kerberos@mit.edu>
DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid)
Authentication-Results: mailman.mit.edu; dkim=pass (1024-bit key,
unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=lXHKa+lQ
Authentication-Results: mit.edu;
dmarc=none (p=none dis=none) header.from=eyrie.org
Authentication-Results: mit.edu; arc=pass smtp.remote-ip=18.9.3.18
ARC-Seal: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1703612367; cv=pass;
b=ItAPRHXO2Sf9uBjvs33XUmHH+WC0nnJGg51kU/WoqxwGbLwcA1e/uvYb3lm3kJRZwJ7eCv2Dn+mZFD+oYIqYw6e3gVZwHkrtwWiiyW54C8HVq2pjBiYJsnftOzIMxcRwb/Poq8IfDTkJjTRdp9OFcRxxCUgf+/RnZA1sLTuOfgVPO2ylChkb7/UWXp/9fta1ILDn7kN28UcN1+Td7h71yLrkOhUg7wc7xSf2cqQGuEiQFgMlgtK8QISjVSaYL1hsn4uNSn/t6MgLzmkh3sE6sB5A+kYYn1AqJaNsey1kqYaTvVt3UPiyuzQcNM1ws5H/ok7aqaZTMDUIB4HNxKf4zA==
ARC-Message-Signature: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1703612367;
c=relaxed/relaxed; bh=StrRaIm065lmEVRkCaaBBYKpRtTPPY+vxfPg/kDXZ3s=;
h=From:Subject:Date:Message-ID:MIME-Version:Content-Type;
b=Sx6su8NEqVqI/fV5VnMsjjlPECYjeiY4WezsUS0L8I+dLPU+dH7lJrRAvfpHdRj4XhnqewhCUxI/8E0HU/YtbN0x2dHk0WPailf2/cm1QjJIqhH0DbT+L23p2+Ogt+sTEcjRLAe0XkqdGzlmWpP2ub3MF4zO/p0GVesblm5P90a3sSKBIaSM1s9CmOQgYCUX9bG2jIAGSv9DDmiqlCg+3Ue+6VkAFCWdMR6ciZ46xXfsvtFTvZqTdsmmUynfOZRsE/zC9jwRKMBlze807i63my1X1qvOh5XHc53csWMcJr+mzw4LHMQ8pGMvGU1QGXYYnxB3sBH7JLahMOLf3O8Row==
ARC-Authentication-Results: i=2; mit.edu; dkim=pass (1024-bit key;
unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=lXHKa+lQ
Authentication-Results: mit.edu; dkim=pass (1024-bit key;
unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=lXHKa+lQ
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=CaUbGvtBYxBy3KsyDTNYHAno6uC4Q+ubRITsrdtFAKxIBBh4vj4kkZ6sdVDnWqO48s2cEFvnnZOhBVSKvw2Li5T0cSxTiH/Ieg1x9eogXKHWD+JLkFRuTh8XWzj7Px+j5QJw5hlQGgy5dDfpeUkFB09OqW5zeDtsH75+MCDoosyOBo1BZ2/rgtC2pVwU9Q5/4j0oDycNjYAnm7eWpGWQdsn6kCVYWbPHcOV3oKWpgoOYGpiiFpV2E/bsDXZdXnV2Fvsv3vbdqi+z5aCkyJMbO3tt+J3907gb+5cgP1IWlpMOnVQmjPycP+W7d+Ch33Au3UOqwK21aZ1ZVoEyG2bpfA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=StrRaIm065lmEVRkCaaBBYKpRtTPPY+vxfPg/kDXZ3s=;
b=hvMg/AgcvTm8C53VaUmd1IaHchkd1zavcYX0lsgcfA5oZZNAyQlIhoZ1GJovaHqE3GIKaO32qf2BjIKVkYW6OlVTzKUfYe+0ceUFyRPebXApHXrfqMeAVxZJari7WBWNioOkruLFzE7H9CE+FASxkJz2LQiqzxxjiXR5nZ7Ki/OHZrXpQqbPNEWI8I5c1HVW8aBRcAGTyHxo7u2D2PhOyRiFTLZJSk+2ljMsVFZbTOcttAtuqZUGVmUaCqhrfr/kyVcB3EwLyUeokBDrbCFbD8HXrI0/C9vmeZtkAlCs43Mhb2CbjiUjMeodFAkxWsGcNbXwNJ6xFjxAIOupq8e1tg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
166.84.7.159) smtp.rcpttodomain=mit.edu smtp.mailfrom=eyrie.org;
dmarc=bestguesspass action=none header.from=eyrie.org; dkim=none (message not
signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=StrRaIm065lmEVRkCaaBBYKpRtTPPY+vxfPg/kDXZ3s=;
b=lXHKa+lQoUGjnqT/BkrqM2INY3se6UNrhmpX4kPdh8c4NPffBnSYOQfoKMQiwb7XRkmoWzoHAi03aZCNOIuYX5gD+2S6mjMMuJeYnreRigIaWfGF3OUW0r1Wkd6Rx8scdILhvToRGW259T6tEWYQi1vd+hWZDmVMMfuDfd1vMeU=
Authentication-Results: spf=pass (sender IP is 166.84.7.159)
smtp.mailfrom=eyrie.org; dkim=none (message not signed)
header.d=none;dmarc=bestguesspass action=none header.from=eyrie.org;
Received-SPF: Pass (protection.outlook.com: domain of eyrie.org designates
166.84.7.159 as permitted sender) receiver=protection.outlook.com;
client-ip=166.84.7.159; helo=haven.eyrie.org; pr=C
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: MWH0EPF000989E7:EE_|SA1PR01MB8671:EE_
X-MS-Office365-Filtering-Correlation-Id: 6376c686-9d3d-4f22-6d44-08dc06397de9
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: x0UaxYC8+Djtd5WY/1cocB2dQg9yEn6CcArrbFhbAhF/3FtXIqbIuntcyKDOXSMEENm1J0ZwLHo1zXBks/31cyR/OkCkzyu0+hsEO+QvAIX0nok+5Pv0x5k3xt18f6k4XwAaLOPz4VMGxO/idOL5IJQYGiI00hJzf5O8zC9xiXPI97ySN7fK+PimRIIJ/U1aLDD+rnX3OKKPtiwfK1q3xvWYSvO80PUlSL69Fab+TStp2iYtCvYdtu6bRWbobzso8DR+zeJhRSGfftrtsKalQHAXCvpWN+c8ZPsIGiJ4S4Sia2DkzmLBJRnGRDi8qBO9MEvVO46uQWVOicBeJN1dCwJDgLqfKEfoVKVZnyCV45RK3bg2h0oBA8+ajbUasMaCxJXTbuoS6FCPb1ABCIxcYtX5APdpI/J6DLx+Mx9jksmeBZMIXgr1xP8XtqqbNiIu+0WFc9CUQf+mUoxRDYERVKyJh5K9Fa782c0nNLF/p1MDFeSHE2mTbgX4ZxnJTFWrjbkUWKIr5lK7PNBFs2CahiD/Hl4yLtibrvGnP7kmQZGFT/qMBtqJWiD7yHG79ZhuiSQbb5NqVoM3v2vgKNnUwkQ5rqsRLV3i5WDw9rbhvoIwAnkZ9vv61xJTs3eg1ywJDH1zNOPWzdZTtqOlfGFKvN2l/YMHA3qqdi50oNFDl42lX/xxo+Vy5qPcNmD1HjvZ1A7D4aKGR7ybFgNvJ2BkFQ==
X-Forefront-Antispam-Report: CIP:166.84.7.159; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:haven.eyrie.org; PTR:haven.eyrie.org; CAT:NONE;
SFS:(13230031)(4636009)(396003)(376002)(346002)(39860400002)(136003)(230173577357003)(230273577357003)(451199024)(64100799003)(61400799012)(48200799006)(356005)(7636003)(7596003)(2906002)(86362001)(36916002)(42186006)(786003)(316002)(68406010)(70586007)(26005)(336012)(6266002)(426003)(83380400001)(498600001)(5660300002)(34206002)(8676002);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Dec 2023 17:38:37.3088 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 6376c686-9d3d-4f22-6d44-08dc06397de9
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000989E7.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR01MB8671
X-OriginatorOrg: mitprod.onmicrosoft.com
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <87cyutpqkc.fsf@hope.eyrie.org>
 by: Russ Allbery - Tue, 26 Dec 2023 03:53 UTC

I'm pleased to announce release 3.3 of krb5-strength.

krb5-strength provides a password quality plugin for the MIT Kerberos KDC
(specifically the kadmind server) and Heimdal KDC, an external password
quality program for use with Heimdal, and a per-principal password history
implementation for Heimdal. Passwords can be tested with CrackLib,
checked against a CDB or SQLite database of known weak passwords with some
transformations, checked for length, checked for non-printable or
non-ASCII characters that may be difficult to enter reproducibly, required
to contain particular character classes, or any combination of these
tests.

Changes from previous release:

heimdal-history now requires the Perl modules Const::Fast and
JSON::MaybeXS instead of Readonly and JSON.

Increase hash iterations for heimdal-history by about 10% to maintain
the time required for a password hash at about 0.1 seconds on not
horribly modern hardware. This will affect newly-stored history
entries but will not invalidate existing password history entries.

Explicitly erase the copy of the password made in the Heimdal plugin
before freeing memory.

Add a spec file for building RPMs, contributed by Daria Phoebe
Brashear.

Update to rra-c-util 10.5:

* Assume a working snprintf rather than supplying a replacement.
* Fix detection of reallocarray on NetBSD.
* Check that Kerberos header files were found during configure.
* Use AS_ECHO in all Autoconf macros.
* Always use lib32 or lib64 if it exists, even on Debian.
* Fix rejection of unknown Clang warning flags.
* Disable -Wreserved-identifier for Clang warning builds.

You can download it from:

<https://www.eyrie.org/~eagle/software/krb5-strength/>

This package is maintained using Git; see the instructions on the above
page to access the Git repository.

Debian packages have been uploaded to Debian unstable.

Please let me know of any problems or feature requests not already listed
in the TODO file.

--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor