Re: Converting kaserver DB to Heimdal

["Henry B. Hotz" <hotz@jpl.nasa.gov>]

At 1:55 PM +0200 10/8/03, Andreas Haupt wrote:
>On Tue, 7 Oct 2003, Alf Wachsmann wrote:
>
>>  Hi,
>>
>>  we are in the process of migrating from AFS' kaserver to Heimdal's KDC.
>>  In this process, we have converted our kaserver DB to the KDC format
>>  using the recipe from (e.g.)
>  > https://lists.openafs.org/pipermail/openafs-info/2002-May/004326.html
>>
>>  While converting all our administration tools, we have discovered that
>>  the time a principal changed his/her/its password is _not_ carried over
>>  from the kaserver DB. This seems by design after looking at the
>>  hprop/hpropd source code.
>
>This would be nice if it worked. The other problem is: even if you got
>hprop to preserve the time of the last password changing, kpasswdd does
>not update this field any more. It always remains (in kadmin):
>
>Last password change: never
>
>This problem isn't solved with Heimdal 0.6.

Woa doggies!

We don't currently do password expiration and I was counting on that 
feature working.  I know you can set expiration times.

I don't need counts of failed logins and such, but I do need to be 
able to manually expire accounts and I need to enforce password 
aging.  How much of that stuff is implemented/enforced, and would it 
be a big deal to add what isn't there?
-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu