[29981] in Kerberos
RE: "Expiration" vs "Password Expiration"
daemon@ATHENA.MIT.EDU (Smith, Matt)
Tue Jun 17 17:14:44 2008
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Tue, 17 Jun 2008 17:14:00 -0400
Message-ID: <1975858073FA56489533973CC81B4D5303D55F33@EXCHANGEB.mgmt.ad.uconn.edu>
From: "Smith, Matt" <matt.smith@uconn.edu>
To: "Matthew J. Smith" <matt.smith@uconn.edu>, <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
All-
To reply to my own post, I found a seemingly related ticket in the krbdev RT - Ticket #5755. The patch included there uses the lesser of either client.pw_expiration or client.expiration, which does seem like it could confuse the end user, but otherwise does seem to correctly assign reply_encpart.key_exp.
So, now that the behavior has been confirmed for me, I am curious -- seeing this bug is >6 months old, and no responses to my question here, my guess is that no one really leverages the password expiration notices. Is it best-practice to use another notification method? Warning emails to the user, perhaps?
Thanks all,
-Matt
-----Original Message-----
From: kerberos-bounces@mit.edu on behalf of Matthew J. Smith
Sent: Tue 2008-06-17 08:38
To: kerberos@mit.edu
Subject: "Expiration" vs "Password Expiration"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
All-
To nudge my post from last week, I'm wondering if someone can just
confirm what I'm seeing, or correct my understanding here.
I am using the MIT KDC 1.4.3, as included in Ubuntu LTS.
I am using the MIT kinit 1.6, as included in Ubuntu 8.0.4, but I also
see the same message from my XP workstation configured to use the KDC.
I modify the "expiration" and "password expiration" for the principal
"mas02041" as follows:
kadmin: modprinc -expire "7 day" -pwexpire "1 day" mas02041
Principal "mas02041@UCONN.EDU" modified.
kadmin: getprinc mas02041
Principal: mas02041@UCONN.EDU
Expiration date: Tue Jun 24 08:26:59 EDT 2008
...
Password expiration date: Wed Jun 18 08:26:59 EDT 2008
...
~$ kinit mas02041
Password for mas02041@UCONN.EDU:
Warning: Your password will expire in 6 days.
My expectation was that the password expiration message returned by
kinit would reflect the "Password Expiration", not the "Expiration", as
show in kadmin.
Is this a bug, a feature, an old version issue, or simply my own
misunderstanding or misconfiguration?
Thank you all,
- -Matt
- --
Matthew J. Smith
University of Connecticut ITS
matt.smith@uconn.edu
PGP KeyID: 0xE9C5244E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIV7AsGP63pOnFJE4RAuPYAKCEbbnsQLPU0VBLTaAv5JE/5/4x0ACgtVzB
CJr7UUCKwAk96kKrS3al01s=
=llW+
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
