master_kdc vs krb5_get_init_creds_password vs NetIDMgr

Ken Raeburn raeburn at MIT.EDU
Sun Nov 5 22:55:51 EST 2006

On Nov 5, 2006, at 17:59, Jeffrey Altman wrote:
> When the "master_kdc" value is defined and the password is
> expired and a prompter function is provided, then
> krb5_get_init_creds_password will prompt the user to change
> the password.  If the "master_kdc" value is not defined
> and the password is expired, then the user is never prompted.

Maybe that's something we want to change.  After all, in the LDAP  
case, it would make sense for no KDC to be singled out as a  
"master".  Perhaps, if the password is expired, we should always  
attempt to change it?


More information about the krbdev mailing list