[2106] in Kerberos_V5_Development


Re: Handling password expiration gracefully

daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Tue Dec 10 02:24:25 1996

Date: Tue, 10 Dec 1996 02:22:58 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Marc Horowitz <marc@cygnus.com>
Cc: proven@cygnus.com, "Barry Jaspan" <bjaspan@MIT.EDU>, kenh@cmf.nrl.navy.mil,
        krbdev@MIT.EDU
In-Reply-To: Marc Horowitz's message of 10 Dec 1996 01:34:54 -0500,
	<t53ybf6vre9.fsf@rover.cygnus.com>

   From: Marc Horowitz <marc@cygnus.com>
   Date: 10 Dec 1996 01:34:54 -0500

   Certainly the preauth is a better solution long-term; I think Barry's
   point is that querying the kadmind is less work, because it uses
   existing interfaces.  A preauth requires a protocol extension, which
   requires more careful design.

The other place where you could shimmy this into the krb5 protocol with
much less work is to define a new lr-type request, and simply put the
expiration time into the last-req field of the encrypted KDC reply.

						- Ted
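
A sketch of the client side of the last-req approach suggested above, as an added example that is not part of the original message or of the krb5 source. The struct, the function name and the lr-type number 6 are assumptions of this example; it treats a negative lr-type as applying only to the responding KDC, following the RFC 1510 convention, and expects entries taken from a reply that has already been decrypted and verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical decoded last-req element; not the MIT krb5 struct. */
struct lr_entry {
    int32_t lr_type;   /* negative: applies only to the responding KDC */
    int64_t lr_value;  /* KerberosTime as seconds since the epoch */
};

#define LR_PW_EXPIRES 6  /* assumed number for the new lr-type */

enum pw_status { PW_NO_INFO, PW_OK, PW_EXPIRING_SOON, PW_EXPIRED };

/* Scan the last-req list from an already decrypted and verified KDC reply.
 * The earliest matching expiration wins; *expires_out is set when found. */
enum pw_status check_pw_expiry(const struct lr_entry *lr, size_t n,
                               int64_t now, int64_t warn_secs,
                               int64_t *expires_out)
{
    int found = 0;
    int64_t earliest = 0;

    for (size_t i = 0; i < n; i++) {
        /* The sign only scopes the entry; the magnitude is the type. */
        int64_t type = lr[i].lr_type < 0 ? -(int64_t)lr[i].lr_type
                                         : lr[i].lr_type;
        if (type != LR_PW_EXPIRES || lr[i].lr_value <= 0)
            continue;  /* other lr-types, or no usable time */
        if (!found || lr[i].lr_value < earliest)
            earliest = lr[i].lr_value;
        found = 1;
    }
    if (!found)
        return PW_NO_INFO;
    if (expires_out)
        *expires_out = earliest;
    if (earliest <= now)
        return PW_EXPIRED;
    return (earliest - now <= warn_secs) ? PW_EXPIRING_SOON : PW_OK;
}

int main(void)
{
    /* Constructed sample entries, not captured from a real KDC. */
    const struct lr_entry lr[] = { {1, 849900000}, {-6, 850259200}, {6, 850864000} };
    int64_t exp = 0;
    enum pw_status st = check_pw_expiry(lr, 3, 850000000, 7 * 86400, &exp);
    printf("status=%d expires=%lld\n", (int)st, (long long)exp);
    return 0;
}
```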
