Am 13.06.2013 21:01, schrieb Greg Hudson: > On 06/13/2013 01:05 PM, Berthold Cogel wrote: >>> We fixed (1) in 1.9 and will remove (2) in 1.12. If you cannot upgrade >>> to 1.9 or later, you should avoid the use of password policy objects. > >> How can I do this? I can remove a policy in kadmin, but what happens to >> the principals associated with the policy? > > krb5 1.6 doesn't let you remove a policy until no principals are > associated with it. (krb5 1.12 will allow dangling policy references, > but that doesn't help you.) So you'll have to remove those first, > probably using some kind of script given the number of users you have. > Removing the krbPwdPolicyReference attributes from the principal objects > in LDAP will suffice, if you have better LDAP scripting tools than > kadmin scripting tools. > > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos >
OK.... I only have to remove the krbPwdPolicyReference attribute in LDAP? Then I don't need a script. I can do batch operations with Apache Directory Studio. And thanks to virtualisation I can snapshot the system. I case I make some mistake. Thanks a lot Berthold Cogel ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
