[29090] in Kerberos
password expiry for a principal
daemon@ATHENA.MIT.EDU (Coy Hile)
Thu Jan 17 23:11:05 2008
Date: Thu, 17 Jan 2008 22:54:53 -0500 (EST)
From: Coy Hile <coy.hile@coyhile.com>
To: kerberos@mit.edu
Message-ID: <Pine.GSO.4.61.0801172250190.9003@supergrover.coyhile.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi all,
Is there any good way to make sure that a user will be prompted to change
his password the next time he authenticates as a given principal.
My first attempt was via setting the needchange flag on a test principal,
but then I am unable to authenticate as that princpal in the first place:
kadmin: modprinc +needchange cah220
Principal "cah220@COYHILE.COM" modified.
kadmin: quit
[22:53:31]supergrover:~ % kinit cah220
kinit(v5): Password has expired while getting initial credentials
[22:53:37]supergrover:~ %
For what it's worth, I'm using an MIT kdc (actually SEAM).
--
Coy Hile
coy.hile@coyhile.com
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
