[557] in Kerberos


[bbrown@decvax.dec.com: password database]

daemon@TELECOM.MIT.EDU (John T Kohl)
Mon Dec 19 09:46:21 1988

From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: kerberos@ATHENA.MIT.EDU

[This has been edited slightly to remove personal comments...]

------- Forwarded Message

To: jtkohl@ATHENA.MIT.EDU
Cc: crl%treese.enet@decwrl.dec.com, williams@decvax.dec.com
Subject: password database
Date: Fri, 16 Dec 88 18:35:03 EST
From: bbrown@decvax.dec.com

Hi,
... How do you feel about modifying the kerberos database so
that the database can record information about password modification
time and minimum and maximum password life?  This information is used
to expire passwords as well as to prevent a user from changing his
password and then immediately changing it back to its original value. 
... [Sensitive information dealing with C2 requirements] does not have a
direct bearing on authentication, unlike the above password
information, but it is extremely sensitive.  Could the Kerberos
database be changed and a library call added so that sensitive
principal-specific information could be stored by kerberos and
retrieved by a trusted utility?  Do you feel that this information
could be securely stored by Hesiod [a nameservice in use at Athena]?

						Bill

------- End Forwarded Message
