Debian Bug report logs - #665446
gosa+kerberos should enforce correct passwords

version graph

Package: debian-edu-config; Maintainer for debian-edu-config is Debian Edu Developers <[email protected]>; Source for debian-edu-config is src:debian-edu-config (PTS, buildd, popcon).

Reported by: Holger Levsen <[email protected]>

Date: Sat, 24 Mar 2012 10:39:02 UTC

Severity: wishlist

Found in version debian-edu-config/1.453

Full log

🔗 View this message in rfc822 format

X-Loop: [email protected]
Subject: Bug#665446: gosa+kerberos should enforce correct passwords
Reply-To: Holger Levsen <[email protected]>, [email protected]
Resent-From: Holger Levsen <[email protected]>
Resent-To: [email protected]
Resent-CC: [email protected]
X-Loop: [email protected]
Resent-Date: Sat, 24 Mar 2012 10:39:02 +0000
Resent-Message-ID: <[email protected]>
Resent-Sender: [email protected]
X-Debian-PR-Message: followup 665446
X-Debian-PR-Package: debian-edu.config
X-Debian-PR-Keywords: 
Received: via spool by [email protected] id=B.133258531523710
          (code B ref -1); Sat, 24 Mar 2012 10:39:02 +0000
Received: (at submit) by bugs.debian.org; 24 Mar 2012 10:35:15 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.1-bugs.debian.org_2005_01_02
	(2010-03-16) on busoni.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-9.9 required=4.0 tests=BAYES_00,FOURLA,HAS_PACKAGE
	autolearn=ham version=3.3.1-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 15; hammy, 150; neutral, 34; spammy,
	0. spammytokens: hammytokens:0.000-+--H*UA:1.13.5, 0.000-+--H*u:1.13.5,
	0.000-+--H*UA:4.4.5, 0.000-+--H*u:4.4.5, 0.000-+--reinholdtsen
Received: from mail.holgerlevsen.de ([62.201.164.66] helo=alpha.holgerlevsen.de)
	by busoni.debian.org with esmtp (Exim 4.72)
	(envelope-from <[email protected]>)
	id 1SBOJN-00069Z-34
	for [email protected]; Sat, 24 Mar 2012 10:35:14 +0000
Received: from localhost (alpha.holgerlevsen.de [62.201.164.66])
	by alpha.holgerlevsen.de (Postfix) with ESMTP id 3A88ECACBEA
	for <[email protected]>; Sat, 24 Mar 2012 11:35:01 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at alpha.holgerlevsen.de
Received: from alpha.holgerlevsen.de ([62.201.164.66])
	by localhost (mail.holgerlevsen.de [62.201.164.66]) (amavisd-new, port 10024)
	with ESMTP id W+k8rMqiL4g0 for <[email protected]>;
	Sat, 24 Mar 2012 11:35:00 +0100 (CET)
Received: from matrix.localnet (epsilon.holgerlevsen.de [62.201.164.82])
	by alpha.holgerlevsen.de (Postfix) with ESMTP id A2721CACA7E
	for <[email protected]>; Sat, 24 Mar 2012 11:35:00 +0100 (CET)
From: Holger Levsen <[email protected]>
To: [email protected]
Date: Sat, 24 Mar 2012 11:34:57 +0100
User-Agent: KMail/1.13.5 (Linux/3.2.0-0.bpo.2-686-pae; KDE/4.4.5; i686; ; )
References: <[email protected]> <[email protected]> <[email protected]>
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: quoted-printable
Message-Id: <[email protected]>
Delivered-To: [email protected]

package: debian-edu.config
version: 1.453

Hi Wolfgang, 

thanks for confirming and providing more info.

On Samstag, 24. März 2012, Wolfgang Schweer wrote:
> On Sat, Mar 24, 2012 at 09:23:42AM +0100, Holger Levsen wrote:
> > On Freitag, 23. März 2012, Petter Reinholdtsen wrote:
> > > Could the problem be that the passwords are too short?  Kerberos
> > > rejects passwords shorter than 6 characters.
> > 
> > if thats not enforced in gosa, it should be.
> 
> Providing too short passwords reproduces the problem. GOsa² accepts
> giving feedback 'ok' (LDAP Manager). Same providing too short pw
> manually.
> 
> One more trap:
> 
> Option minclasses isn't, but should be checked, too.
> 
> --------------- snip kerberos-kdc-init ------------------------
> # Kerberos policy setup
> kadmin.local -q "addpol -maxlife \"2 days\" -minlength 5 users"
> kadmin.local -q "addpol -minclasses 2 hosts"

> ---------------------------------------------------------------
> 
> Wouldn't it be better to have something like this:
> 
> kadmin.local -q "addpol -minlength 6 -minclasses 2 users"
> kadmin.local -q "addpol -minlength 4 -minclasses 2 hosts"


cheers,
	Holger

Send a report that this bug log contains spam.

Debian bug tracking system administrator <[email protected]>. Last modified: Tue May 13 11:21:59 2025; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.