[prev in list] [next in list] [prev in thread] [next in thread]
List: krbdev
Subject: Re: Change password without default_realm fails
From: Greg Hudson <ghudson () MIT ! EDU>
Date: 2012-05-10 17:39:42
Message-ID: 4FABFD5E.9040700 () mit ! edu
[Download RAW message or body]
On 04/25/2012 04:27 AM, Stef Walter wrote:
> When there is no default_realm in /etc/krb5.conf (or no config file at
> all), then changing the kerberos password fails.
Coincidentally, Kevin Wasserman reported this to krb5-bugs as issue #7127.
> Attached is a simple work around patch.
That patch would break the conditional in warn_pw_expiry() to not warn
if the password is being changed.
I've checked in a different minimally invasive fix (munge
"kadmin/changepw" to "kadmin/changepw@" in build_in_tkt_name()) and
marked it for backport.
> 1. Make krb5_parse_name_flags accept a new
> KRB5_PRINCIPAL_PARSE_IGNORE_REALM option which would accept
> principal name strings without a @REALM part.
I also implemented this, after rewriting krb5_parse_name (which had
grown too internally complicated to reasonably support a new feature).
That will allow any in_tkt_service to be used without a default realm,
and will be in 1.11.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic