Kerberos policies



© 2009 Dennis Leeuw dleeuw at made-it dot com

Kerberos policy management

Policies in MIT Kerberos define the rules that passwords stored in the Kerberos database must satisfy. A password policy can set the following rules:

maxlife
Controls the maximum lifetime of a password
minlife
Controls the minimum lifetime of a password
minlength
The minimum length of a password
minclasses
The minimum number of character classes that a password must contain.

MIT Kerberos knows a maximum of 5 character classes:

history
The number of past keys kept for a principal

Adding a policy

add_policy -minlength 8 -minclasses 3 admin
add_policy -minlength 8 -minclasses 4 host
add_policy -minlength 8 -minclasses 2 user
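
How minlength and minclasses judge candidate passwords under the three policies above, as an added example that is not part of the original page and not MIT's code. It assumes ASCII passwords and the five classes named in MIT's kadmin documentation (lower case, upper case, digits, punctuation, everything else); the function names and sample passwords are illustrative.

```python
import string

# Policies as created on this page with add_policy (minlength, minclasses).
POLICIES = {
    "admin": {"minlength": 8, "minclasses": 3},
    "host": {"minlength": 8, "minclasses": 4},
    "user": {"minlength": 8, "minclasses": 2},
}


def char_classes(password):
    """Return the set of character classes present in an ASCII password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("punct")
        else:
            classes.add("other")  # whitespace, control and non-ASCII characters
    return classes


def check(password, policy_name):
    """Return a list of policy violations; an empty list means accepted."""
    policy = POLICIES[policy_name]
    problems = []
    if len(password) < policy["minlength"]:
        problems.append("too short")
    if len(char_classes(password)) < policy["minclasses"]:
        problems.append("too few classes")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, one line of results per candidate.
    for pw in ["kerberos", "Kerberos5", "Kerb3ros!", "Kerb 3!"]:
        print(repr(pw), {name: check(pw, name) or "ok" for name in POLICIES})
```

Length alone does not satisfy any of these policies: an eight-character all-lowercase password fails even the user policy, and the host policy rejects anything without at least four of the five classes.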

List all policies

listpols

Or list a subset of the policies:

listpols a*

List settings for a policy

get_policy admin

Create a user with a policy

addprinc -policy user root/admin

Or change the policy of a user:

modprinc -policy admin root/admin