On Fri, Mar 07, 2003 at 11:31:34AM -0500, James F.Hranicky wrote: > Is anyone actually using the password expiration features of Kerberos?
For what it's worth, the password expiration features worked previously with login, sshd, pam_krb5 and Heimdal on FreeBSD and Linux. [snip] > - buggy pam_krb5-1.0.3 module: I just recently sent in a patch > that fixed a simple pointer bug in the module causing > segfaults whenever the libraries returned any messages > (e.g., "Your password will expire...", "Your password has expired") I'd be careful here. The Linux-PAM and Solaris PAM implementations interpret that pointer differently. I know it was correct for Linux-PAM, and I thought that Nico had checked it out for Solaris as well. > - buggy PAM programs: > > o the PAM patch for XDM causes a segfault when the > (struct pam_message **) msg argument contains more than > one message due to incorrect pointer dereference (derefs > msg[count]->msg instead of msg[0][count].msg). I fixed > that, but I'm getting another segfault elsewhere Yeah, that's the same issue. Cross-platform PAM can be hard to get right, and many applications have really poor PAM support. I'm sorry to say that I mostly gave up on the issue and simply integrated the PAM/Kerberos 5 support we (FreeBSD) need into the base system. (something had to give) However, if you have time and energy, people will learn to love you for fixing their PAM problems :) Cheers, -- Jacques A. Vidrine <[EMAIL PROTECTED]> http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos [EMAIL PROTECTED] . [EMAIL PROTECTED] . [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
