[2327] in Kerberos-V5-bugs
krb5-admin/87: modify_principal pw_expire semantics wrong
daemon@ATHENA.MIT.EDU (bjaspan@MIT.EDU)
Tue Oct 8 17:57:34 1996
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: bjaspan@MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, bjaspan@MIT.EDU
Date: Tue, 8 Oct 1996 17:53:20 -0400
From: bjaspan@MIT.EDU
Reply-To: bjaspan@MIT.EDU
To: krb5-bugs@MIT.EDU
>Number: 87
>Category: krb5-admin
>Synopsis: modify_principal pw_expire semantics wrong
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bjaspan
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Oct e 17:54:01 EDT 1996
>Last-Modified:
>Originator: Barry Jaspan
>Organization:
mit
>Release: 1.0-development
>Environment:
System: SunOS DUN-DUN-NOODLES 5.4 Generic_101945-37 sun4m sparc
>Description:
The semantics for setting password expiration as specified in
doc/kadm5/api-funcspec.tex are totally nonsensical. As a result, the
behavior of kadm5_modify_principal is nonsensical, although different
from that in the spec. In particular, if there is no policy,
modify_principal does not allow a principal's pw_expiration to be set
to anything greater than its current value; this makes absolutely no
sense.
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
