[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Pre-Expired Passwords

To: heimdal-discuss@sics.se
Subject: Pre-Expired Passwords
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Mon, 3 Oct 2005 15:52:47 -0700
Sender: owner-heimdal-discuss@sics.se

I don't know how MIT does this, but it would be nice to create some new  
principals with a "must change" status.  In other words the only thing  
they are good for is changing the password, giving them a normal status  
after that.

An obvious way (to me) to do this would be to special-case the AS-REQ  
processing for kadmin/changepw so it won't fail if the principal has an  
expired password (if everything else is OK).  Then the user can use the  
password change service, but nothing else.  If they change their  
password then I think the existing code would just compute a new  
expiration date and everything becomes normal.

Problems?  Better way to do it?  Heimdal already has a way to do it I  
don't know about?
------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

Follow-Ups:
- Re: Pre-Expired Passwords
  - From: Buck Huppmann <buckh@pobox.com>

Prev by Date: Re: linking heimdal to an openssl library other than the one in thedefault search path.
Next by Date: please respond.
Prev by thread: Re: krb5.conf question
Next by thread: Re: Pre-Expired Passwords
Index(es):
- Date
- Thread