New issue and fix for kadmin(.local)

Peter Shoults Peter.Shoults at
Thu Feb 11 16:42:35 EST 2010


I have a customer who opened up an issue where they want to be able to
set the policy options -minlife and -maxlife back to the default values
of "0".  Currently, if you create and set either of these policy
options, there is no way to set it back to zero.  The issue for the
customer is they wanted to turn off (set back to default) one of these
options and they could not without first having to modprinc all users
who used the policy, then delpol the policy and then create it again
without modifying the option in question and then modprinc all the users
to use the new policy.

I have come up with a fix, and would like to ask for your comments on
this fix - specifically with regard to the value I am passing to the
modpol command.  Here is the syntax I have coded up for this modpol command:

modpol -minlife 0 1daypol

I chose "0" as that is the default value for this option.  However, I
realize that some folks may have an issue with passing "0", and would
rather see something like

modpol -minlife default 1daypol


modpol -minlife none 1daypol

Attached is my pdiff of my proposed change.


