kerberos + gssapi password change
Darren Tucker
dtucker at zip.com.au
Thu Oct 9 11:58:24 EST 2003
Andreas Girardet wrote:
> I am not a developer, but since this is a more advanced issue I rather
> post to this list than to the users list, I hope this is OK.
That's OK.
> We are currently running openssh with simon's gssapi patch and want to
> move towards the new integrated solution with openssh-3.7.1p2. A problem
> we experienced in both versions of openssh is that we are not able to
> change the kerberos password, when it expires. I used James' patch but it
> seemed to not work well with simon's gssapi patch and as such we decided
> not to integrate it. James told me that he believes password change is now
> working with the changes, but I am unable to get it working and am
> wondering if this is a known limitation still and if you are planning to
> work on this issue in the future if it is still an issue.
I don't speak Kerberos myself but someone once reported [0] that an
earlier version of my password expiry patch [1] worked with Kerberos on an
earlier version of OpenSSH when PATH_PASSWD_PROGRAM was set to "kinit".
> Another oddness I experience
... is truncated email messages? :-)
[0] http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=10485986783267
[1] http://www.zip.com.au/~dtucker/openssh/
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list