Expired passwords and tickets
Mauricio Tavares
raubvogel at gmail.com
Fri Sep 9 11:38:20 EDT 2011
Let's say I have user principal passwords set to expire after X months. So,
o To renew/change a user principal password before it expires, the
said user must have a ticket, right?
o A user should be able to change the user principal password in, say,
a Mac without much fuss. What if user is in a Windows box which
connected to the KDC using the Microsoft kerberos stack (as opposite
to KFW)?
o If the password has expired, is the only way to renew it to login as
an admin and change it?
o Is there a way to reminding user of impending doom, i.e. of password
expiration date steadily approaching?
Now, talking about the tickets themselves,if user is connected to NFS
server and ticket expires, what happens? Are the mountpoints suddenly
unreachable?
More information about the Kerberos
mailing list