On 06/13/2013 01:05 PM, Berthold Cogel wrote: >> We fixed (1) in 1.9 and will remove (2) in 1.12. If you cannot upgrade >> to 1.9 or later, you should avoid the use of password policy objects.
> How can I do this? I can remove a policy in kadmin, but what happens to > the principals associated with the policy? krb5 1.6 doesn't let you remove a policy until no principals are associated with it. (krb5 1.12 will allow dangling policy references, but that doesn't help you.) So you'll have to remove those first, probably using some kind of script given the number of users you have. Removing the krbPwdPolicyReference attributes from the principal objects in LDAP will suffice, if you have better LDAP scripting tools than kadmin scripting tools. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
