Difference between 'expiration date' and 'Password expiration date'?

Turbo Fredriksson turbo at bayour.com
Wed Mar 19 02:16:42 EST 2003


Quoting Jen Selby <jenselby at MIT.EDU>:

> > If I'm right, why would I want to expire the whole principal!?
> 
> If you know that at a certain time, the individual with that principal
> is going to be leaving your company/school/whatever, this is a good way
> to ensure that they can no longer authenticate to your KDC after that
> time.

Quoting Ken Hornstein <kenh at cmf.nrl.navy.mil>:

> >If I'm right, why would I want to expire the whole principal!?
> 
> You're right.  I don't think most people would expire principals, but I
> could think of a few reasons.  For example, if you charged for accounts, you
> might tie the expiration date to when the money for the account ran out.

Why would I expire the PRINCIPAL, when I solve the above issue by expiring the
password? If the password is expired, the account can't be used... I'm not
getting it...

