Pre-Expired Passwords

I don't know how MIT does this, but it would be nice to create some new
principals with a "must change" status.  In other words, the only thing
they are good for is changing the password, giving them a normal status
after that.

An obvious way (to me) to do this would be to special-case the AS-REQ  
processing for kadmin/changepw so it won't fail if the principal has an  
expired password (if everything else is OK).  Then the user can use the  
password change service, but nothing else.  If they change their  
password then I think the existing code would just compute a new  
expiration date and everything becomes normal.

Problems?  Better way to do it?  Heimdal already has a way to do it that I
don't know about?
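To make the proposed flow concrete, here is an added toy model of the KDC decision described above. It is constructed for this page and is not Heimdal or MIT code: the realm, principal names, error-code strings, the five-minute changepw ticket lifetime and the 90-day password lifetime are all assumptions. It models "everything else is OK" as the usual checks (unknown, disabled or expired principal, failed pre-authentication) still running first, with only the password-expiry check exempted when the requested service is kadmin/changepw, and shows the principal becoming normal again once the change service computes a fresh expiration.

```python
"""Toy model of the AS-REQ special case for kadmin/changepw.
Constructed example, not Heimdal/MIT code; names and values are assumptions."""
from dataclasses import dataclass
from typing import Dict, Optional

CHANGEPW = "kadmin/changepw"      # the only service a pre-expired principal may reach
TGS = "krbtgt/EXAMPLE.ORG"        # assumed realm name
CHANGEPW_LIFETIME = 5 * 60        # assumed: tickets for changepw stay short-lived
NORMAL_LIFETIME = 10 * 3600       # assumed default ticket life
PW_LIFETIME = 90 * 24 * 3600      # assumed password policy: 90 days


@dataclass
class Principal:
    name: str
    pw_expiration: int                     # epoch seconds; 0 = pre-expired ("must change")
    disabled: bool = False
    prin_expiration: Optional[int] = None  # account expiry, distinct from password expiry


@dataclass
class Ticket:
    client: str
    service: str
    lifetime: int


class KdcError(Exception):
    """Carries a Kerberos-style error code such as KEY_EXPIRED."""


def as_req(db: Dict[str, Principal], client: str, service: str, now: int,
           preauth_ok: bool = True) -> Ticket:
    """Decide an AS-REQ.  All the ordinary checks run unchanged; only the
    password-expiry check is skipped, and only for kadmin/changepw."""
    p = db.get(client)
    if p is None:
        raise KdcError("C_PRINCIPAL_UNKNOWN")
    if p.disabled:
        raise KdcError("CLIENT_REVOKED")
    if p.prin_expiration is not None and now >= p.prin_expiration:
        raise KdcError("NAME_EXP")
    if not preauth_ok:
        raise KdcError("PREAUTH_FAILED")
    # The special case: an expired password fails everything except changepw.
    if now >= p.pw_expiration and service != CHANGEPW:
        raise KdcError("KEY_EXPIRED")
    lifetime = CHANGEPW_LIFETIME if service == CHANGEPW else NORMAL_LIFETIME
    return Ticket(client, service, lifetime)


def change_password(db: Dict[str, Principal], ticket: Ticket, now: int,
                    new_password: str) -> Principal:
    """The change service accepts only a ticket for itself, then sets a new
    expiration; after that the principal is ordinary again."""
    if ticket.service != CHANGEPW:
        raise KdcError("ticket is not for kadmin/changepw")
    if not new_password:
        raise ValueError("empty password")
    p = db[ticket.client]
    # Real code would derive new keys and apply password policy; only the
    # expiration bookkeeping the proposal relies on is modelled here.
    p.pw_expiration = now + PW_LIFETIME
    return p


def decide(db: Dict[str, Principal], client: str, service: str, now: int,
           preauth_ok: bool = True) -> str:
    """Return 'OK' or the error code the KDC would send."""
    try:
        as_req(db, client, service, now, preauth_ok)
        return "OK"
    except KdcError as e:
        return str(e)


def walkthrough():
    """A pre-expired user, a disabled user, and the state after a change."""
    now = 1_700_000_000
    db = {
        "alice@EXAMPLE.ORG": Principal("alice@EXAMPLE.ORG", pw_expiration=0),
        "bob@EXAMPLE.ORG": Principal("bob@EXAMPLE.ORG", pw_expiration=0, disabled=True),
    }
    steps = []
    steps.append(decide(db, "alice@EXAMPLE.ORG", TGS, now))                          # TGT refused
    steps.append(decide(db, "alice@EXAMPLE.ORG", CHANGEPW, now))                     # changepw allowed
    steps.append(decide(db, "alice@EXAMPLE.ORG", CHANGEPW, now, preauth_ok=False))   # still needs preauth
    steps.append(decide(db, "bob@EXAMPLE.ORG", CHANGEPW, now))                       # disabled stays disabled
    tkt = as_req(db, "alice@EXAMPLE.ORG", CHANGEPW, now)
    change_password(db, tkt, now, "correct horse battery staple")
    steps.append(decide(db, "alice@EXAMPLE.ORG", TGS, now + 60))                     # normal again
    steps.append(decide(db, "alice@EXAMPLE.ORG", TGS, now + PW_LIFETIME))            # expires on schedule
    return steps


if __name__ == "__main__":
    for step in walkthrough():
        print(step)
```

The ordering matters: the exemption sits after the other checks so that a disabled or expired account, or a client that cannot pre-authenticate, gets no changepw ticket either. Keeping that ticket short-lived is a choice made in this model; the post itself does not specify a lifetime.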
