[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Expiration times

To: heimdal-discuss@sics.se
Subject: Re: Expiration times
From: Buchan Milne <bgmilne@mandriva.org>
Date: Mon, 10 Dec 2007 23:21:41 +0200
In-Reply-To: <20071207.102356.210282700.haba@habanero.pdc.kth.se>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <AD35B26B-A7BD-4EB9-A484-AB78E5EFE1C8@kth.se> <A729E450-768B-42DC-963D-BCCFC5BA6937@kth.se> <20071207.102356.210282700.haba@habanero.pdc.kth.se>
Reply-To: heimdal-discuss@sics.se, Buchan Milne <bgmilne@mandriva.org>
User-Agent: KMail/1.9.7

On Friday 07 December 2007 11:23:56 Harald Barth wrote:

> I know that. I want to know if the user can get the expire date prior
> to the KDC having decided that it is now "soon" expired and somehow
> makes kinit warn about it.

If you're using hdb_ldap, and the user has access to the krb5PasswordEnd 
attribute for their account, yes. Whether this is convenient is another 
issue.

$ ldapsearch -LLL "(uid=bgmilne)" krb5PasswordEnd
SASL/GSSAPI authentication started
SASL username: bgmilne@RANGER.DNSALIAS.COM
SASL SSF: 56
SASL installing layers
dn: uid=bgmilne,ou=People,dc=ranger,dc=dnsalias,dc=com
krb5PasswordEnd: 20080106065926Z

> I want to know if any of the graphical X11 login thingies have the
> kinit warning functionality (the expired "soon" warning feature).

kdm warns me on login, just like the KDE screensaver warns me when I unlock 
the screensaver:

http://staff.telkomsa.net/~bgmilne/heimdal-kde-expiry-warning.png
http://staff.telkomsa.net/~bgmilne/heimdal-kde-expiry-warning1.png

Regards,
Buchan

References:
- Re: Expiration times
  - From: Love Hörnquist Åstrand <lha@kth.se>
- Re: Expiration times
  - From: Love Hörnquist Åstrand <lha@kth.se>
- Re: Expiration times
  - From: Harald Barth <haba@kth.se>

Prev by Date: heimdal 1.0.2RC6
Next by Date: MIT AD Trust PAC handling
Prev by thread: Re: Expiration times
Next by thread: No Subject
Index(es):
- Date
- Thread