master_kdc vs krb5_get_init_creds_password vs NetIDMgr

Jeffrey Altman jaltman at secure-endpoints.com
Sun Nov 5 20:59:45 EST 2006


I've been trying to find the cause of a reported problem
in NetIDMgr for the last few weeks that I have tracked
down to the behavior of krb5_get_init_creds_password
depending upon whether or not a "master_kdc" value is available.

When the "master_kdc" value is defined and the password is
expired and a prompter function is provided, then
krb5_get_init_creds_password will prompt the user to change
the password.  If the "master_kdc" value is not defined
and the password is expired, then the user is never prompted.

The reason this matters is that the "change password" dialogs
produced by NetIDMgr in the two cases are different.  What
I need is a method to disable the password change prompting
at run time.  For example,

  krb5_get_init_creds_opt_set_change_password_prompting()

This doesn't impact KFM because it compiles the code with
USE_LOGIN_LIBRARY which effectively disables the prompting.

Is this something we can add for 1.6?

Jeffrey Altman


