Password Expiration notifications
Matthew J. Smith
matt.smith at uconn.edu
Mon Apr 3 15:58:01 EDT 2006
Hello all,
I am using MIT Krb5 1.4.3, and am looking to send an email
notification to my users 14 days before their passwords expire. I have
cobbled together a Proof-of-Concept using kadmin -q "getprinc -terse" to
scrape the password expiration date from each principal. The PoC works,
but seems "inefficient", requiring a getprinc to the KDC for each princ
returned by listprincs. Is there a better way? Is there a way to query
the KDC for a list of users whose password is about to expire? Or at
least, is there a kadm5_get_principals call that will return an array of
principal structures (instead of just a string[] of names), which I can
just iterate over locally, looking at expiration timestamps?
Thank you for any insight you can offer,
-Matt
---
matt.smith at uconn.edu
University of Connecticut ITS
More information about the Kerberos
mailing list