Re: Pre-Expired Passwords

["Henry B. Hotz" <hotz@jpl.nasa.gov>]

New in 0.7?  For 0.6.3:

> > kpasswd
> hotz@JPL.NASA.GOV's Password:
> kpasswd: krb5_get_init_creds: Password has expired
> > which kpasswd
> /usr/heimdal/bin/kpasswd
> > krb5-config --version
> heimdal 0.6.3
> $Id: krb5-config.in,v 1.9 2002/09/09 22:29:06 joda Exp $
> >

and

> kadmin> get hotz
>                Principal: hotz@JPL.NASA.GOV
>        Principal expires: never
>         Password expires: 2004-10-09 23:00:00 UTC
. . .

I looked in kdc/kerberos5.c in 0.7 and didn't see any special casing.   
Suppose I missed something.

On Oct 5, 2005, at 6:47 AM, Love Hörnquist Åstrand wrote:

>
>>>> In other words the only thing
>>>> they are good for is changing the password, giving them a normal
>>>> status
>>>> after that.
>>>
>>> i used to do this by setting the password-expiration to some date
>>> already past (e.g., 2000-01-01), which is, yes, a kludge
>>
>> Should I interpret this as 1) Heimdal already supports this, or 2) MIT
>> already supports this (and it makes sense to add it to Heimdal)?
>
> It works in Heimdal. There is no flag, just set the password expiry to
> sometime in the past.
>
> Love
>
>
------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu