Kerberos policies



© 2009 Dennis Leeuw dleeuw at made-it dot com

Index

    1. Introduction
    2. Add a policy
    3. List and view a policy
    4. User policies

Introduction

Policies within MIT Kerberos define the rules that passwords in the Kerberos database must satisfy. The rules that can be set in a password policy are:

maxlife
Controls the maximum lifetime of a password
minlife
Controls the minimum lifetime of a password
minlength
The minimum length of a password
minclasses
The minimum number of character classes that a password must contain.

MIT Kerberos knows a maximum of 5 character classes:

history
The number of past keys kept for a principal

Add a policy

add_policy -minlength 8 -minclasses 3 admin
add_policy -minlength 8 -minclasses 4 host
add_policy -minlength 8 -minclasses 2 user
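
What the three policies above accept and reject can be modelled offline. This is an added example, not part of the original page and not MIT's code: it assumes ASCII passwords, takes the five character classes (lower case, upper case, numbers, punctuation, everything else) from the MIT Kerberos documentation, and the names POLICIES, char_classes and check_password are hypothetical.

```python
import string

# The policies created by the add_policy commands above.
POLICIES = {
    "admin": {"minlength": 8, "minclasses": 3},
    "host": {"minlength": 8, "minclasses": 4},
    "user": {"minlength": 8, "minclasses": 2},
}


def char_classes(password):
    """Return the set of character classes present in the password.

    Classes as documented for MIT Kerberos: lower case, upper case,
    numbers, punctuation, and everything else (whitespace, unprintable).
    Assumption: ASCII input, as in the C locale.
    """
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("digit")
        elif ch in string.punctuation:
            found.add("punct")
        else:
            found.add("other")
    return found


def check_password(password, policy_name):
    """Return the violated rules; an empty list means the password passes."""
    policy = POLICIES[policy_name]
    problems = []
    if len(password) < policy["minlength"]:
        problems.append("minlength")
    if len(char_classes(password)) < policy["minclasses"]:
        problems.append("minclasses")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("kerberos", "Kerberos5", "Kerb3ros!x", "K5!a"):
        for name in POLICIES:
            print(f"{pw!r:14} {name:6} {check_password(pw, name) or 'ok'}")
```

A password that satisfies the user policy can still fail the admin or host policy, which matters when a principal is moved between policies with modprinc.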

List and view a policy

listpols

Or list only the policies whose names match a pattern:

listpols a*

View the settings of a single policy:

get_policy admin

User policies

Assign a policy when adding a principal:

addprinc -policy user root/admin

Or change the policy of a user:

modprinc -policy admin root/admin