Hi Russ,
we are using a farm of 3 WebKDC servers, but we want to change expiring
passwords just on one of them. The reason is, that in krb5.conf is at
the first place kadmin server where user changes his password and
immediately can obtain tickets... Propagation of changes from kadmin server
to KDC slaves is about 5 minutes. So we are looking for appropriate
solution.
We supposed, that set of the $EXPIRING_PW_URL variable in webkdc.conf
is enough, but it seem it doesn't work as expected or described:
"The location for the password redirect form, used to redirect users
with expiring or expired passwords to update those passwords. If this
is not set, then the check to see if the user's password is expiring
soon is disabled and expired passwords will result in an error message
rather than a password change dialog. Default: not set."
Even if it is set to exact URL on other server, it stays in local
login.fcgi script
and displays pwchange.tmpl. Is it a bug? Or this shoud be used in other way
in connection with another "EXPIRING" variables?
Tested on debian packages in version 4.1.0-1.
Thanks,
Petr Grolmus
