Adding password-expiration LAST_REQ message.
kaduk at mit.edu
Tue Mar 2 18:34:40 EST 2021
On Tue, Mar 02, 2021 at 05:59:15PM -0500, Ken Hornstein wrote:
> We have an old change to the MIT KDC that returns a password expiration
> time in the last-req field of the ticket. It also includes a KDC
> configuration entry to specify a time limit for sending the message
> (like if the password expiration is occuring within a week). The
> client support for this already exists in MIT Kerberos. Would this
> change (cleaned up and documented) be welcome to be submitted?
This would be a new "lr-type" value?
IIRC control over such registrations has not yet passed to IANA, so there
would probably not be procedural hoops to getting a new type...
More information about the krbdev