The Kerberos service can use a dictionary file to reject any password for new credentials that appears in the dictionary. Rejecting dictionary words as passwords makes it harder for someone else to guess a password. By default, the service uses the /var/krb5/kadm5.dict file, but that file is empty.
To instruct the service to use a dictionary file, you add a line to the KDC configuration file, kdc.conf. In this example, the administrator uses the dictionary that is included with the spell utility, then restarts the Kerberos services. For a full description of the configuration file, see the kdc.conf(4) man page.
kdc1 # pfedit /etc/krb5/kdc.conf
[kdcdefaults]
     kdc_ports = 88,750

[realms]
     EXAMPLE.COM = {
          profile = /etc/krb5/krb5.conf
          database_name = /var/krb5/principal
          acl_file = /etc/krb5/kadm5.acl
          kadmind_port = 749
          max_life = 8h 0m 0s
          max_renewable_life = 7d 0h 0m 0s
          sunw_dbprop_enable = true
          sunw_dbprop_master_ulogsize = 1000
          dict_file = /usr/share/lib/dict/words
          }
kdc1 #
kdc1 # svcadm restart -r network/security/krb5kdc
kdc1 # svcadm restart -r network/security/kadmin
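
After an edit like the one above, it is worth confirming that the configured dictionary actually exists and contains words, because an empty or missing file rejects nothing. The following check is an added example, not part of the original documentation; the function names dict_paths and check_dict_file and the temporary sample files are hypothetical and constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original page): audit dict_file in a kdc.conf-style file.

# Print every dict_file value in the file ($1), skipping comment lines.
dict_paths() {
    awk '/^[ \t]*[#;]/ { next }
         /^[ \t]*dict_file[ \t]*=/ {
             sub(/^[ \t]*dict_file[ \t]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print
         }' "$1"
}

# Return 0 if every configured dictionary is readable and non-empty,
# 1 if no dict_file is set, 2 if a dictionary is missing or empty.
check_dict_file() {
    paths=$(dict_paths "$1")
    if [ -z "$paths" ]; then
        echo "WARN: $1 sets no dict_file; the default dictionary is in effect"
        return 1
    fi
    rc=0
    while IFS= read -r p; do
        if [ ! -r "$p" ]; then
            echo "FAIL: $p is missing or unreadable"; rc=2
        elif [ ! -s "$p" ]; then
            echo "FAIL: $p is empty, so no password is rejected"; rc=2
        else
            echo "OK:   $p ($(grep -c . "$p") entries)"
        fi
    done <<EOF
$paths
EOF
    return $rc
}

# Constructed sample input: a small word list and three kdc.conf variants.
demo_dir=$(mktemp -d)
printf 'password\nkerberos\nwelcome\n' > "$demo_dir/words"
: > "$demo_dir/empty.dict"
cat > "$demo_dir/good.conf" <<EOF
[realms]
    EXAMPLE.COM = {
        # dict_file = /var/krb5/kadm5.dict
        dict_file = $demo_dir/words
    }
EOF
sed "s|$demo_dir/words|$demo_dir/empty.dict|" "$demo_dir/good.conf" > "$demo_dir/empty.conf"
grep -v dict_file "$demo_dir/good.conf" > "$demo_dir/unset.conf"
for f in good empty unset; do check_dict_file "$demo_dir/$f.conf" || true; done
```

On a KDC, call check_dict_file /etc/krb5/kdc.conf from an account that can read both the configuration file and the dictionary.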