master_kdc vs krb5_get_init_creds_password vs NetIDMgr
raeburn at MIT.EDU
Sun Nov 5 22:55:51 EST 2006
On Nov 5, 2006, at 17:59, Jeffrey Altman wrote:
> When the "master_kdc" value is defined and the password is
> expired and a prompter function is provided, then
> krb5_get_init_creds_password will prompt the user to change
> the password. If the "master_kdc" value is not defined
> and the password is expired, then the user is never prompted.
Maybe that's something we want to change. After all, in the LDAP
case, it would make sense for no KDC to be singled out as a
"master". Perhaps, if the password is expired, we should always
attempt to change it?
More information about the krbdev