Password changing hook in kadmind

John Hascall john at
Fri May 23 17:53:02 EDT 2003

> Hi.  I understand that there are various patches out there that add a
> hook to call some external program during the password changing
> process either for password synchronization with non-Kerberos
> solutions or for password quality checking.

My patch doesn't call a program, it writes a file for each transaction
which a separate program can deal with.  As I recall there are 4
points in the kadmin library you need to hook into (create, modify,
delete principal, change password).  I didn't include any policy
change hooks because we don't make much use of policies yet.

I know UMich has done a similar thing.

> Are any of these patches of sufficient quality that we should look at
> taking one of them?

You could probably implement it from scratch just as quick.


More information about the krbdev mailing list