[krbdev.mit.edu #2676] feature proposal - programmatic retrieval of password expiry
Paul Moore via RT
rt-comment at krbdev.mit.edu
Fri Aug 20 21:09:09 EDT 2004
Today get_init_creds_password will tell the user if their password will
expire but only via hard-coded messages sent via the prompter. It is
useful for applications that dont the prompting themselves to retrieve
the password expiry time so that they can deal with it in an app
specifiy way (configurable warning window, offer the user tthe choice to
change now, ...)
To this end we have added a secondary entry point to gig_pwd.c;
get_init_creds_password_expiry that takes an int* that gets populated
with the expiry time.
Is this a useful feature. Would you like the diffs?
An alternaitive approach is to fake up a prompter and parse the ascii
text. There is one major problem with this - the expiry warnings are not
generated until 7 days before expiry (in 1.3.4), so we cannot see this
data before that (to warn 10 days in advance for example). Also parsing
text that may or may not get sent is pretty klunky
More information about the krb5-bugs
mailing list