Password Expiration notifications

Matthew J. Smith matt.smith at uconn.edu
Tue Apr 4 09:44:45 EDT 2006


Thank you for the responses so far.  I've received a few suggestions
that I use the dump file to gather my information, and I may go down
that road.  However, I am still interested if anyone has implemented
anything using the kadmin protocol, so that the code does not need any
local access to the KDC.  Any comments?

Thank you all,
-Matt

Matthew J. Smith wrote:
> Hello all,
> 
>   I am using MIT Krb5 1.4.3, and am looking to send an email
> notification to my users 14 days before their passwords expire.  I have
> cobbled together a Proof-of-Concept using kadmin -q "getprinc -terse" to
> scrape the password expiration date from each principal.  The PoC works,
> but seems "inefficient", requiring a getprinc to the KDC for each princ
> returned by listprincs.  Is there a better way?  Is there a way to query
> the KDC for a list of users whose password is about to expire?  Or at
> least, is there a kadm5_get_principals call that will return an array of
> principal structures (instead of just a string[] of names), which I can
> just iterate over locally, looking at expiration timestamps?
> 
> Thank you for any insight you can offer,
> -Matt
> 
> ---
> matt.smith at uconn.edu
> University of Connecticut ITS
> 	
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 




More information about the Kerberos mailing list