Access to client.pw_expiration

James F.Hranicky jfh at cise.ufl.edu
Wed Mar 5 09:39:35 EST 2003


I've patched my krb5 libraries and my kdc so that I can notify users of
impending password expiration as detailed in these messages:

   http://mailman.mit.edu/pipermail/krb5-bugs/2002-February/000012.html
   http://mailman.mit.edu/pipermail/kerberos/2002-August/001418.html

However, it seems that I can only retrieve the information in a few 
routines, like 

	krb5_get_init_creds_password
	krb5_get_init_creds

for instance. This works fine for kinit, but I plan on using a krb5 PAM
module for my initial Kerberos support, and the apps using the module
don't always seem to print out this information (xdm+PAM, for instance, 
though I could hack something in to the PAM_conv routine). 

Is there another way using the current credentials (avoiding yet another
password entry) to get the krb5_kdc_rep reply from the KDC which tells
of the impending password expiration? That way I could just run it from
the global tcshrc/zshrc . 

Thanks,

----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin                   UF/CISE Department |
| E314D CSE Building                            Phone (352) 392-1499 |
| jfh at cise.ufl.edu                      http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------


More information about the Kerberos mailing list