I'm pleased to announce the first public release of the krb5-strength

krb5-strength is a toolkit for checking the strength of passwords against
an external dictionary, applying more transforms and checks than kadmind
supports by default. It is implemented as a patch to kadmind and a plugin
module that is called on each password change. It embeds a slightly
modified copy of Alec Muffett's CrackLib to do the password checking.

You can download it from:

This should be considered beta software. It is not (yet) used anywhere in
production. The long-term goal is to add a plugin interface to kadmind
suitable for running a strength checking hook so that this package can
simply provide the loadable module. In the meantime, I wanted to make it
available in case anyone is interested.

Please let me know of any problems or feature requests not already listed
in the TODO file.

Russ Allbery (rra@stanford.edu)
Kerberos mailing list Kerberos@mit.edu