Password changing for xdm
Raymond M Schneider
ray at securityfoo.net
Fri Mar 21 10:36:10 EST 2003
On Fri, Mar 21, 2003 at 10:11:38AM -0500, Ken Hornstein wrote:
> >> Heh. You see why I choose to make xlock use the Kerberos call directly?
> >
> >Yep -- were these patches submitted to the XFree86 xlock or xlockmore?
> >Where could I find them?
>
> xlockmore; if you go to the xlockmore site and download the latest snapshot,
> they should be in there.
Its been awhile but last I checked xlockmore did not handle the case where
the users passwd has expired while the screen was locked. Though I think it
could readily, as the krb5 code it seems to me returns a error code about
an expired passwd after its checked to see if the passwd matched.. that
should be sufficient to let a user unlock his screen.
My thoughts on this were always that xlock (xlockmore whatever...) should
not get _tickets_ for people, only authenticate them. I never felt that
xlock(more) should get tickets for the user, though I think that is what
their code does if I recall.
--ray
More information about the Kerberos
mailing list