>>>>> "Russ" == Russ Allbery <[EMAIL PROTECTED]> writes:
Russ> Coy Hile <[EMAIL PROTECTED]> writes: >> kadmin: modprinc +needchange cah220 >> Principal "[EMAIL PROTECTED]" modified. >> kadmin: quit >> [22:53:31]supergrover:~ % kinit cah220 >> kinit(v5): Password has expired while getting initial credentials >> [22:53:37]supergrover:~ % >> >> For what it's worth, I'm using an MIT kdc (actually SEAM). Russ> I don't believe kinit supports prompting for password changes, but you can Russ> still use kpasswd when the principal is marked +needchange. A good PAM Russ> module should currently handle this case and prompt the user to change Russ> their password. A modern kinit program that uses the get_init_creds API will prompt for a password change if the password has expired. I don't know if the SEAM kinit is one of these, and you didn't mention which kinit program you're using. ---Tom ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
