Password changing for xdm
Ken Hornstein
kenh at cmf.nrl.navy.mil
Fri Mar 21 12:06:48 EST 2003
>Its been awhile but last I checked xlockmore did not handle the case where
>the users passwd has expired while the screen was locked. Though I think it
>could readily, as the krb5 code it seems to me returns a error code about
>an expired passwd after its checked to see if the passwd matched.. that
>should be sufficient to let a user unlock his screen.
"Check the code". It works just fine (I specifically tested that case).
The problem with your suggestion is that you don't have the option on
the client to test against your old password; you get a "password expired"
error before you get to that stage.
>My thoughts on this were always that xlock (xlockmore whatever...) should
>not get _tickets_ for people, only authenticate them. I never felt that
>xlock(more) should get tickets for the user, though I think that is what
>their code does if I recall.
I agree, and that's why in the new xlockmore code that's controllable with a
configure option.
--Ken
More information about the Kerberos
mailing list