[krbdev.mit.edu #8427] kadmind minimum life check fails for nonexistent policies
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Tue Jun 7 14:33:09 EDT 2016
In kadmind, when a principal performs a self-service key change (randkey or
chpass), we look up the principal's policy and check the minimum password
lifetime. This check currently fails if the policy does not exist, which
contradicts the intent of #7385. We should relax check_min_life() to
succeed if kadm5_get_policy() returns KADM5_UNK_POLICY.
Reported by John Devitofranceschi.
More information about the krb5-bugs
mailing list