New issue and fix for kadmin(.local)
Will Fiveash
William.Fiveash at sun.com
Thu Feb 11 18:16:10 EST 2010
On Thu, Feb 11, 2010 at 04:42:35PM -0500, Peter Shoults wrote:
> Hi,
>
> I have a customer who opened up an issue where they want to be able to
> set the policy options -minlife and -maxlife back to the default values
> of "0". Currently, if you create and set either of these policy
> options, there is no way to set it back to zero. The issue for the
> customer is they wanted to turn off (set back to default) one of these
> options and they could not without first having to modprinc all users
> who used the policy, then delpol the policy and then create it again
> without modifying the option in question and then modprinc all the users
> to use the new policy.
>
> I have come up with a fix, and would like to ask for your comments on
> this fix - specifically with regard to the value I am passing to the
> modpol command. Here is the syntax I have coded up for this modpol command:
>
> modpol -minlife 0 1daypol
>
> I choose "0" as that is the default value for this option. However, I
> realize that some folks may have an issue with passing "0", and would
> rather see something like
>
> modpol -minlife default 1daypol
>
> OR
>
> modpol -minlife none 1daypol
I like either 0 or "none" as args for either -minlife or -maxlife (maybe
"none" could be an alias for 0).
--
Will Fiveash
Sun Microsystems Office x64079/512-401-1079
Austin, TX, 78727 (TZ=CST6CDT), USA
Internal Solaris Kerberos/GSS/SASL website: http://kerberos.sfbay.sun.com
http://opensolaris.org/os/project/kerberos/
More information about the krbdev
mailing list