[Bug 819] patch to add kerberos password-changing

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Mar 27 01:51:51 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=819

           Summary: patch to add kerberos password-changing
           Product: Portable OpenSSH
           Version: 3.8p1
          Platform: UltraSparc
        OS/Version: Solaris
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Kerberos support
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: buckh at pobox.com


here's a patch that invokes kpasswd in the event the KDC fails to authenticate
a user's kerberos-5 password b/c it's expired: it attempts to get a ticket for
kadmin/changepw and, if that works, dumps the user into kpasswd instead of
passwd

note that i don't consider myself security-cognizant enough to have thought
through all the ramifications of this and whether it might not be opening up
holes. nevertheless, i'm submitting it in case it's not completely demented,
so you all can figure out whether to implement it and, hopefully, code it up
so it doesn't have the bugs my patch undoubtedly does



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list