[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: why heimdal over MIT?

2003-03-17, h keltezéssel Luke Howard ezt írta:
> >Bad point: Policies (pasword lifetime, password rules etc.) are
> >incompletely or weirdly implemented but nothing that can be cured by
> >some C coding.
> Heimdal does support dynamic loading of password quality plugins. See
> lib/kadm5/password_quality.c.
> We use such a plugin not only to test password quality but to
> synchronize Kerberos keys with an LDAP directory.

I wrote a plugin also, to synchronize Kerberos keys with arbitrary
programs with libexpect.

I yust uploaded it to

cvs at

sample script for smbpasswd:

# heimdal pwexport script for smbpasswd
# List of the presetted variables:
# macros:
# user data:
#set princ_name "balsa"
#set princ_password "secret"
#set princ_instance ""
#set princ_realm "BALSA'S.REALM"

# don't forget this line
set timeout 10

if {$princ_instance == "" && $princ_realm == "YOUR.REALM"} {
    spawn -noecho /usr/bin/smbpasswd $princ_name
    expect "New SMB password:"
    send "$princ_password\r"
    expect "Retype new SMB password:"
    send "$princ_password\r"
    expect {
        "Password changed for user $princ_name"
                {set return_value $PWEXP_SUCCES}
        "Failed to find entry for user $princ_name"
                {set return_value $PWEXP_USER_UNKNOWN}
        default {set return_value $PWEXP_SYSTEM_ERR}
} else {
    set return_value $PWEXP_USER_UNKNOWN