"Expiration" vs "Password Expiration"

Smith, Matt matt.smith at uconn.edu
Tue Jun 17 17:14:00 EDT 2008


All-

  To reply to my own post, I found a seemingly related ticket in the krbdev RT - Ticket #5755.  The patch included there uses the lesser of either client.pw_expiration or client.expiration, which does seem like it could confuse the end user, but otherwise does seem to correctly assign reply_encpart.key_exp.

  So, now that the behavior has been confirmed for me, I am curious -- seeing this bug is >6 months old, and no responses to my question here, my guess is that no one really leverages the password expiration notices.  Is it best-practice to use another notification method?  Warning emails to the user, perhaps?

Thanks all,
-Matt

-----Original Message-----
From: kerberos-bounces at mit.edu on behalf of Matthew J. Smith
Sent: Tue 2008-06-17 08:38
To: kerberos at mit.edu
Subject: "Expiration" vs "Password Expiration"
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All-
  To nudge my post from last week, I'm wondering if someone can just
confirm what I'm seeing, or correct my understanding here.

  I am using the MIT KDC 1.4.3, as included in Ubuntu LTS.

  I am using the MIT kinit 1.6, as included in Ubuntu 8.0.4, but I also
see the same message from my XP workstation configured to use the KDC.

  I modify the "expiration" and "password expiration" for the principal
"mas02041" as follows:

kadmin: modprinc -expire "7 day" -pwexpire "1 day" mas02041
Principal "mas02041 at UCONN.EDU" modified.

kadmin:  getprinc mas02041
Principal: mas02041 at UCONN.EDU
Expiration date: Tue Jun 24 08:26:59 EDT 2008
...
Password expiration date: Wed Jun 18 08:26:59 EDT 2008
...


~$ kinit mas02041
Password for mas02041 at UCONN.EDU:
Warning: Your password will expire in 6 days.



My expectation was that the password expiration message returned by
kinit would reflect the "Password Expiration", not the "Expiration", as
show in kadmin.

Is this a bug, a feature, an old version issue, or simply my own
misunderstanding or misconfiguration?

Thank you all,
- -Matt

- --
Matthew J. Smith
University of Connecticut ITS
matt.smith at uconn.edu
PGP KeyID: 0xE9C5244E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIV7AsGP63pOnFJE4RAuPYAKCEbbnsQLPU0VBLTaAv5JE/5/4x0ACgtVzB
CJr7UUCKwAk96kKrS3al01s=
=llW+
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos





More information about the Kerberos mailing list