Change password without default_realm fails
Greg Hudson
ghudson at MIT.EDU
Thu May 10 13:39:42 EDT 2012
On 04/25/2012 04:27 AM, Stef Walter wrote:
> When there is no default_realm in /etc/krb5.conf (or no config file at
> all), then changing the kerberos password fails.
Coincidentally, Kevin Wasserman reported this to krb5-bugs as issue #7127.
> Attached is a simple work around patch.
That patch would break the conditional in warn_pw_expiry() to not warn
if the password is being changed.
I've checked in a different minimally invasive fix (munge
"kadmin/changepw" to "kadmin/changepw@" in build_in_tkt_name()) and
marked it for backport.
> 1. Make krb5_parse_name_flags accept a new
> KRB5_PRINCIPAL_PARSE_IGNORE_REALM option which would accept
> principal name strings without a @REALM part.
I also implemented this, after rewriting krb5_parse_name (which had
grown too internally complicated to reasonably support a new feature).
That will allow any in_tkt_service to be used without a default realm,
and will be in 1.11.
More information about the krbdev
mailing list