Access to client.pw_expiration
James F.Hranicky
jfh at cise.ufl.edu
Wed Mar 5 09:39:35 EST 2003
I've patched my krb5 libraries and my kdc so that I can notify users of
impending password expiration as detailed in these messages:
http://mailman.mit.edu/pipermail/krb5-bugs/2002-February/000012.html
http://mailman.mit.edu/pipermail/kerberos/2002-August/001418.html
However, it seems that I can only retrieve the information in a few
routines, like
krb5_get_init_creds_password
krb5_get_init_creds
for instance. This works fine for kinit, but I plan on using a krb5 PAM
module for my initial Kerberos support, and the apps using the module
don't always seem to print out this information (xdm+PAM, for instance,
though I could hack something in to the PAM_conv routine).
Is there another way using the current credentials (avoiding yet another
password entry) to get the krb5_kdc_rep reply from the KDC which tells
of the impending password expiration? That way I could just run it from
the global tcshrc/zshrc .
Thanks,
----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin UF/CISE Department |
| E314D CSE Building Phone (352) 392-1499 |
| jfh at cise.ufl.edu http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------
More information about the Kerberos
mailing list