Adding password-expiration LAST_REQ message.

Benjamin Kaduk kaduk at
Tue Mar 2 18:34:40 EST 2021

On Tue, Mar 02, 2021 at 05:59:15PM -0500, Ken Hornstein wrote:
> We have an old change to the MIT KDC that returns a password expiration
> time in the last-req field of the ticket.  It also includes a KDC
> configuration entry to specify a time limit for sending the message
> (like if the password expiration is occuring within a week).  The
> client support for this already exists in MIT Kerberos.  Would this
> change (cleaned up and documented) be welcome to be submitted?

This would be a new "lr-type" value?
IIRC control over such registrations has not yet passed to IANA, so there
would probably not be procedural hoops to getting a new type...


More information about the krbdev mailing list