[2473] in Kerberos_V5_Development


Re: Password expiration via a preauth mechanism

daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Thu Jul 31 13:04:25 1997

Date: Thu, 31 Jul 1997 13:01:56 -0400
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: "Theodore Y. Ts'o" <tytso@MIT.EDU>, krbdev@MIT.EDU
In-Reply-To: Ken Hornstein's message of Wed, 30 Jul 1997 15:09:53 -0400,
	<199707301909.PAA27749@ginger.cmf.nrl.navy.mil>

   Date: Wed, 30 Jul 1997 15:09:53 -0400
   From: Ken Hornstein <kenh@cmf.nrl.navy.mil>

   >Actually, if I remember correctly there's partial support for last-req
   >in the KDC, although it's for certain that we're not currently using it.

   What I see is:

   static krb5_last_req_entry nolrentry = { KV5M_LAST_REQ_ENTRY, KRB5_LRQ_NONE, 0 };
   static krb5_last_req_entry *nolrarray[] = { &nolrentry, 0 };

   krb5_error_code
   fetch_last_req_info(dbentry, lrentry)
   krb5_db_entry *dbentry;
   krb5_last_req_entry ***lrentry;
   {
       *lrentry = nolrarray;
       return 0;
   }

   It was easier for me to build on the preauth framework, since it already
   existed and was known to work.

Yes, but all of the ASN.1 marshalling and unmarshalling is already in
place.  It's simply a matter of filling in the linked list of last_req
entries in the KDC.

						- Ted
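
As an added example (not code from this thread or from the MIT krb5 source), the sketch below shows what filling in the last_req list could look like, with password expiration reported as lr-type 6 (defined in RFC 4120) and the last request time as lr-type 5 (RFC 1510). The types `lr_entry` and `db_stub`, their field names, and the functions `fetch_last_req_stub` and `free_last_req` are simplified stand-ins assumed for illustration so the block compiles without krb5.h.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified stand-ins (assumptions) so this compiles without krb5.h. */
typedef struct { int32_t lr_type; int32_t value; } lr_entry;
typedef struct { int32_t pw_expiration; int32_t last_request; } db_stub;
enum { LRQ_NONE = 0, LRQ_ALL_LAST_REQ = 5, LRQ_ALL_PW_EXPTIME = 6 };

/* Append one heap-allocated entry; returns -1 if allocation fails. */
static int add_entry(lr_entry **arr, size_t *n, int32_t type, int32_t when)
{
    lr_entry *e = malloc(sizeof(*e));
    if (e == NULL) return -1;
    e->lr_type = type;
    e->value = when;
    arr[(*n)++] = e;
    return 0;
}

/* Release an array returned by fetch_last_req_stub(). */
void free_last_req(lr_entry **arr)
{
    if (arr == NULL) return;
    for (size_t i = 0; arr[i] != NULL; i++) free(arr[i]);
    free(arr);
}

/* Fill a NULL-terminated array from the database record; 0 means "not set".
 * Returns 0 on success, -1 on allocation failure (nothing is leaked). */
int fetch_last_req_stub(const db_stub *db, lr_entry ***out)
{
    size_t n = 0;
    int rc = 0;
    lr_entry **arr = calloc(3, sizeof(*arr)); /* two entries + terminator */
    if (arr == NULL) return -1;
    if (db->pw_expiration != 0)
        rc = add_entry(arr, &n, LRQ_ALL_PW_EXPTIME, db->pw_expiration);
    if (rc == 0 && db->last_request != 0)
        rc = add_entry(arr, &n, LRQ_ALL_LAST_REQ, db->last_request);
    if (rc == 0 && n == 0) /* nothing known: same answer as nolrarray */
        rc = add_entry(arr, &n, LRQ_NONE, 0);
    if (rc != 0) { free_last_req(arr); return -1; }
    *out = arr;
    return 0;
}
```

Unlike the static `nolrarray` quoted above, this version allocates its result, so the caller owns the array and must free it after the reply has been encoded.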
