[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Converting kaserver DB to Heimdal
At 1:55 PM +0200 10/8/03, Andreas Haupt wrote:
>On Tue, 7 Oct 2003, Alf Wachsmann wrote:
>> we are in the process of migrating from AFS' kaserver to Heimdal's KDC.
>> In this process, we have converted our kaserver DB to the KDC format
>> using the recipe from (e.g.)
> > https://lists.openafs.org/pipermail/openafs-info/2002-May/004326.html
>> While converting all our administration tools, we have discovered that
>> the time a principal changed his/her/its password is _not_ carried over
>> from the kaserver DB. This seems by design after looking at the
>> hprop/hpropd source code.
>This would be nice if it worked. The other problem is: even if you got
>hprop to preserve the time of the last password changing, kpasswdd does
>not update this field any more. It always remains (in kadmin):
>Last password change: never
>This problem isn't solved with Heimdal 0.6.
We don't currently do password expiration and I was counting on that
feature working. I know you can set expiration times.
I don't need counts of failed logins and such, but I do need to be
able to manually expire accounts and I need to enforce password
aging. How much of that stuff is implemented/enforced, and would it
be a big deal to add what isn't there?
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or email@example.com