[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

kadmind.acl question

To: heimdal-discuss@sics.se
Subject: kadmind.acl question
From: Alf Wachsmann <alfw@SLAC.Stanford.EDU>
Date: Wed, 04 Dec 2002 15:18:43 -0800 (PST)
Sender: owner-heimdal-discuss@sics.se

Hi,

is there a way to disallow a user to set their own password via
"kadmin"?

Allowing a user to use "kadmin" instead of "kpasswd" circumvents
the password quality check configured in krb5.conf.

One way for this would be to have some sort of "negate" syntax in
kadmind.acl:
	*	NO cpw	*@FOO.COM

Another way would be to enforce the password_quality rules on the
"kadmin cpw" command for non-admin accounts.

BTW: I am running Heimdal-0.5.1 w/ kaserver support.

Many thanks,
                  Alf.

-----------------------------------------------------------------------
  Alf Wachsmann                       | e-mail: alfw@slac.stanford.edu
  SLAC Computing Service              | Phone:  +1-650-926-4802
  2575 Sand Hill Road, M/S 97         | FAX:    +1-650-926-3329
  Menlo Park, CA 94025, USA           | Office: Bldg. 50/323
-----------------------------------------------------------------------
                http://www.slac.stanford.edu/~alfw (PGP)
-----------------------------------------------------------------------

Prev by Date: krb5_addr2sockaddr problems
Next by Date: Re: init REALM with backend ldap
Prev by thread: krb5_addr2sockaddr problems
Next by thread: Re: init REALM with backend ldap
Index(es):
- Date
- Thread