Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

Using a Dictionary File to Increase Password Security

A dictionary file can be used by the Kerberos service to prevent words in the dictionary from being used as passwords for new credentials. Preventing the use of dictionary terms as passwords makes it harder for someone else to guess any password. By default, the /var/krb5/kadm5.dict file is used, but it is empty.

You need to add a line to the KDC configuration file, kdc.conf to instruct the service to use a dictionary file. In this example, the administrator uses the dictionary that is included with the spell utility, then restarts the Kerberos services. For a full description of the configuration file, see the kdc.conf(4) man page.

kdc1 # pfedit /etc/krb5/kdc.conf
kdc_ports = 88,750

profile = /etc/krb5/krb5.conf
database_name = /var/krb5/principal
acl_file = /etc/krb5/kadm5.acl
kadmind_port = 749
max_life = 8h 0m 0s
max_renewable_life = 7d 0h 0m 0s
sunw_dbprop_enable = true
sunw_dbprop_master_ulogsize = 1000
dict_file = /usr/share/lib/dict/words
kdc1 #
kdc1 # svcadm restart -r network/security/krb5kdc
kdc1 # svcadm restart -r network/security/kadmin