bugzilla-daemon at mindrot.org
2004-Mar-26 14:51 UTC
[Bug 819] patch to add kerberos password-changing
http://bugzilla.mindrot.org/show_bug.cgi?id=819 Summary: patch to add kerberos password-changing Product: Portable OpenSSH Version: 3.8p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: enhancement Priority: P2 Component: Kerberos support AssignedTo: openssh-bugs at mindrot.org ReportedBy: buckh at pobox.com here's a patch that invokes kpasswd in the event the KDC fails to authenticate a user's kerberos-5 password b/c it's expired: it attempts to get a ticket for kadmin/changepw and, if that works, dumps the user into kpasswd instead of passwd note that i don't consider myself security-cognizant enough to have thought through all the ramifications of this and whether it might not be opening up holes. nevertheless, i'm submitting it in case it's not completely demented, so you all can figure out whether to implement it and, hopefully, code it up so it doesn't have the bugs my patch undoubtedly does ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-26 14:53 UTC
[Bug 819] patch to add kerberos password-changing
http://bugzilla.mindrot.org/show_bug.cgi?id=819 ------- Additional Comments From buckh at pobox.com 2004-03-26 07:52 ------- Created an attachment (id=576) --> (http://bugzilla.mindrot.org/attachment.cgi?id=576&action=view) referenced patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Mar-30 15:09 UTC
[Bug 819] patch to add kerberos password-changing
http://bugzilla.mindrot.org/show_bug.cgi?id=819 buckh at pobox.com changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #576 is|0 |1 obsolete| | ------- Additional Comments From buckh at pobox.com 2004-03-31 01:09 ------- Created an attachment (id=581) --> (http://bugzilla.mindrot.org/attachment.cgi?id=581&action=view) updated patch sorry. slight fix to work with MIT krb5 libraries. of course, MIT's kpasswd isn't working when it gets exec-ed (i have the same problem as this guy: http://mailman.mit.edu/pipermail/kerberos/2003-October/003990.html ), but, anyway, . . . ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- samba4 : [kerberos part kinit work but no kpasswd
- [Bug 808] segfault if not using pam/keyboard-interactive mech and password's expired
- [Bug 563] getaddrinfo() in libopenbsd-compat.a breaks heimdal-linked pam_krb5
- (no subject)
- Sync password (with MIT-kerberos server) and migration