kerberos + gssapi password change

Darren Tucker dtucker at
Thu Oct 9 11:58:24 EST 2003

Andreas Girardet wrote:
> I am not a developer, but since this is a more advanced issue I would rather
> post to this list than to the users list. I hope this is OK.

That's OK.

> We are currently running openssh with Simon's gssapi patch and want to
> move towards the new integrated solution with openssh-3.7.1p2. A problem
> we experienced in both versions of openssh is that we are not able to
> change the Kerberos password when it expires. I used James' patch but it
> seemed to not work well with Simon's gssapi patch and as such we decided
> not to integrate it. James told me that he believes password change is now
> working with the changes, but I am unable to get it working and am
> wondering if this is a known limitation still and if you are planning to
> work on this issue in the future if it is still an issue.

I don't speak Kerberos myself but someone once reported [0] that an
earlier version of my password expiry patch [1] worked with Kerberos on an
earlier version of OpenSSH when PATH_PASSWD_PROGRAM was set to "kinit".

> Another oddness I experience

... is truncated email messages? :-)



Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

More information about the openssh-unix-dev mailing list