Password Expiration notifications
Matthew J. Smith
matt.smith at uconn.edu
Wed Apr 5 14:20:49 EDT 2006
Thanks for the response!
James J. Barlow wrote:
> Any reason you wouldn't want to run it on a KDC?
Good question! It is purely a matter of preference for me, as this code
will be part of my larger set of "provisioning" code, which I prefer to
run on a separate application server. I'm sure I could move this module
to the KDC, and establish some sort of communication channel (via SSH or
some-such), but it would be less work for me to simply use my PoC
"kadmin -q listprincs ... | foreach princ kadmin -q getprinc -terse
$princ ... | awk {print ... " remotely, and deal with the 90 minutes it
takes to run.
Thank you again -- any further thoughts and comments are certainly welcome,
-Matt
Matthew J. Smith
matt.smith at uconn.edu
University of Connecticut ITS
More information about the Kerberos
mailing list