[Bug 819] patch to add kerberos password-changing
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Mar 27 01:51:51 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=819
Summary: patch to add kerberos password-changing
Product: Portable OpenSSH
Version: 3.8p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: enhancement
Priority: P2
Component: Kerberos support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: buckh at pobox.com
here's a patch that invokes kpasswd in the event the KDC fails to authenticate
a user's kerberos-5 password b/c it's expired: it attempts to get a ticket for
kadmin/changepw and, if that works, dumps the user into kpasswd instead of
passwd
note that i don't consider myself security-cognizant enough to have thought
through all the ramifications of this and whether it might not be opening up
holes. nevertheless, i'm submitting it in case it's not completely demented,
so you all can figure out whether to implement it and, hopefully, code it up
so it doesn't have the bugs my patch undoubtedly does
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list