[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

kadmind.acl question



Hi,

is there a way to disallow a user to set their own password via
"kadmin"?

Allowing a user to use "kadmin" instead of "kpasswd" circumvents
the password quality check configured in krb5.conf.

One way for this would be to have some sort of "negate" syntax in
kadmind.acl:
	*	NO cpw	*@FOO.COM

Another way would be to enforce the password_quality rules on the
"kadmin cpw" command for non-admin accounts.

BTW: I am running Heimdal-0.5.1 w/ kaserver support.

Many thanks,
                  Alf.

-----------------------------------------------------------------------
  Alf Wachsmann                       | e-mail: alfw@slac.stanford.edu
  SLAC Computing Service              | Phone:  +1-650-926-4802
  2575 Sand Hill Road, M/S 97         | FAX:    +1-650-926-3329
  Menlo Park, CA 94025, USA           | Office: Bldg. 50/323
-----------------------------------------------------------------------
                http://www.slac.stanford.edu/~alfw (PGP)
-----------------------------------------------------------------------