Improved support for password/principal expiration

Raymond M Schneider ray at securityfoo.net
Fri May 2 11:26:10 EDT 2003


On Fri, May 02, 2003 at 10:29:44AM -0400, James F.Hranicky wrote:
> On Fri, 2 May 2003 10:02:32 -0400
> Raymond M Schneider <ray at securityfoo.net> wrote:
> 
> > I seem to recall someone telling me that even though passwd expiration
> > notification was broken in the 1.2.* codebase, that it had been fixed
> > in the 1.3.* code base? still true? 
> 
> AFAICT, the bug that prevents notification on the client side has been fixed,
> but there's still only one field "key_exp" in struct _krb5_enc_kdc_rep_part
> that allows for an expiration date. 
> 

right.

> do_as_req.c still shows only 
> 
> 	reply_encpart.key_exp = client.expiration;
> 
> and there's no code setting any field in reply_encpart to the value of
> client.pw_expiration . 
>

right. im with ya. 


More information about the Kerberos mailing list