Coy Hile <[EMAIL PROTECTED]> writes: > Is there any good way to make sure that a user will be prompted to change > his password the next time he authenticates as a given principal. > > My first attempt was via setting the needchange flag on a test principal, > but then I am unable to authenticate as that princpal in the first place: > > kadmin: modprinc +needchange cah220 > Principal "[EMAIL PROTECTED]" modified. > kadmin: quit > [22:53:31]supergrover:~ % kinit cah220 > kinit(v5): Password has expired while getting initial credentials > [22:53:37]supergrover:~ % > > For what it's worth, I'm using an MIT kdc (actually SEAM).
I don't believe kinit supports prompting for password changes, but you can still use kpasswd when the principal is marked +needchange. A good PAM module should currently handle this case and prompt the user to change their password. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
