[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Password change?

Dne Wednesday 01 of February 2006 11:52 jste napsal(a):

> By the way, there's an outstanding bug that reports an internal error
> from kpasswdd when it does refuse `password reuse'.

And is changing kpasswdd.c around line 404 from:

        reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_HARDERROR,
                    "Internal error");


        reply_priv (auth_context, s, sa, sa_size, KRB5_KPASSWD_HARDERROR,
                    krb5_get_err_text(context, ret));

sufficient, or it can bring more problems?

> > And it seems to me that the whole [password_quality] section applies
> > not to password server, but the client.
> No, it runs on the server.  The interface for programming the checks
> doesn't give you access to the key set for the principal, though, just
> the new password (which you _could_ store between changes).  The
> ipropd log gives you access to key history where you could check for
> re-use, but probably not in a very convenient form.

Sorry, my bad, I ran kpasswdd with KRB5_CONFIG pointing to old configfile;)

Václav Hůla,
správce unixových serverů
Přírodovědecká fakulta
Univerzita Karlova v Praze