|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Date: Tue, 2 Mar 2021 16:13:34 -0800 From: Benjamin Kaduk <kaduk@mit.edu> To: Ken Hornstein <kenh@cmf.nrl.navy.mil> Message-ID: <20210303001334.GN21@kduck.mit.edu> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <202103030004.12303xgX030756@hedwig.cmf.nrl.navy.mil> Cc: krbdev@mit.edu Content-Type: text/plain; charset="iso-8859-1" Errors-To: krbdev-bounces@mit.edu Content-Transfer-Encoding: 8bit On Tue, Mar 02, 2021 at 07:05:20PM -0500, Ken Hornstein wrote: > >On Tue, Mar 02, 2021 at 05:59:15PM -0500, Ken Hornstein wrote: > >> We have an old change to the MIT KDC that returns a password expiration > >> time in the last-req field of the ticket. It also includes a KDC > >> configuration entry to specify a time limit for sending the message > >> (like if the password expiration is occuring within a week). The > >> client support for this already exists in MIT Kerberos. Would this > >> change (cleaned up and documented) be welcome to be submitted? > > > >This would be a new "lr-type" value? > > Not at all. An appropriate lr-type already exists in both the > RFC and the MIT source code. See §5.4.2 of RFC 4120, under > lr-type (6). And see the MIT source code for the preprocessor > value KRB5_LRQ_ALL_PW_EXPTIME (and the client side code in > lib/krb5/krb/gic_pwd.c). Like I said, the CLIENT code is already there; > the missing piece is on the KDC side. ... apparently I flat-out missed the last two sentences of that paragraph. Oops. Thanks for setting me straight. -Ben _______________________________________________ krbdev mailing list krbdev@mit.edu https://mailman.mit.edu/mailman/listinfo/krbdev
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |