On 04/11/2014 19:05, Greg Hudson wrote: > On 11/04/2014 12:54 PM, Andreas Ntaflos wrote: >> Hi, >> >> I see that the "-history" option for "add_policy" (in kadmin) is not >> supported when using the LDAP backend for Kerberos [1]. > We expect to have this implemented this for 1.14 (see > https://github.com/krb5/krb5/pull/132 ) but for now that is true. > >> Is there *any* other way to ensure a user doesn't use one of his >> previous four keys when changing passwords and the Kerberos database is >> in LDAP? > You could write a password quality plugin module (see > http://web.mit.edu/kerberos/krb5-latest/doc/plugindev/index.html ) and > maintain your own database of password hashes. You might use > http://www.eyrie.org/~eagle/software/krb5-strength/ > as a starting point; it contains password history functionality, but > doesn't provide it for use with MIT krb5. > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos Hello Greg,
Can you confirm that LDAP Backend password history will be implemented for 1.14 ? I see no mention of this implementation in http://k5wiki.kerberos.org/wiki/Release_1.14 Thanks ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
