[2102] in Kerberos_V5_Development
Re: Handling password expiration gracefully
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Tue Dec 10 01:33:21 1996
To: proven@cygnus.com
Cc: krbdev@MIT.EDU
In-Reply-To: Your message of "Tue, 10 Dec 1996 00:26:16 EST."
<199612100526.AAA07937@qed.proven.org>
Date: Tue, 10 Dec 1996 01:32:57 -0500
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
>> An implementation that uses the kadm5 api is clearly (to me) the right
>> way to start, because that api already exists and is easy to use.
>> OV's login program did what you describe, with the following
>> properties:
>>
>Maybe I'm missing something obvious, but doesn't this require login to talk
>to the kadmind? Doesn't this defeat the purpose of having multiple slave kdcs?
Mostly :-) I forgot to mention that this is another reason I'd like to
avoid a kadm5 solution (not that I have anything against kadm5 -- it just
has enough disadvanages for this case to make me want to use something else).
--Ken
