From kenh@cmf.nrl.navy.mil Thu Apr 10 13:43:08 1997
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id NAA29014 for ; Thu, 10 Apr 1997 13:43:03 -0400
Received: from ginger.cmf.nrl.navy.mil by MIT.EDU with SMTP id AA25519; Thu, 10 Apr 97 12:42:36 EST
Received: from nexus.cmf.nrl.navy.mil (kenh@nexus.cmf.nrl.navy.mil [134.207.10.9]) by ginger.cmf.nrl.navy.mil (8.8.5/8.8.5) with ESMTP id NAA12494 for ; Thu, 10 Apr 1997 13:42:41 -0400 (EDT)
Received: (from kenh@localhost) by nexus.cmf.nrl.navy.mil (8.8.5/8.8.5) id NAA05219; Thu, 10 Apr 1997 13:42:53 -0400 (EDT)
Message-Id: <199704101742.NAA05219@nexus.cmf.nrl.navy.mil>
Date: Thu, 10 Apr 1997 13:42:53 -0400 (EDT)
From: Ken Hornstein
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU
Subject: Don't update the last password change field for new users
X-Send-Pr-Version: 3.99

>Number: 415
>Category: krb5-admin
>Synopsis: The current behavior of kadmind makes using minimum password lifetimes difficult
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bjaspan
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Thu Apr 10 13:44:01 EDT 1997
>Last-Modified:
>Originator: Ken Hornstein
>Organization: Navel Research Lab
>Release: 1.0
>Environment:
System: SunOS nexus 4.1.4 3 sun4m
Architecture: sun4
>Description:
The current way kadmind works makes it difficult to use minimum password lifetimes. When you create a user, the "last password change" field is updated so it has the time the account was created. This is problematic if you set a minimum password lifetime; if you want new users to change their passwords right away, you have to wait until the minimum password lifetime has lapsed until they can change their password, and that simply doesn't make sense.
>How-To-Repeat:
Create a user with a long minimum password lifetime, and tell them to change their passwords right away.
>Fix:
This simple patch makes it so newly created accounts don't have a password change time.

--- lib/kadm5/srv/svr_principal.c.orig Mon Nov 11 17:05:18 1996 +++ lib/kadm5/srv/svr_principal.c Thu Apr 10 13:30:02 1997 @@ -212,13 +212,6 @@ return(ret); } - if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)) { - krb5_dbe_free_contents(handle->context, &kdb); - if (mask & KADM5_POLICY) - (void) kadm5_free_policy_ent(handle->lhandle, &polent); - return(ret); - } - /* initialize the keys */ if (ret = krb5_dbe_cpw(handle->context, &master_encblock,
>Audit-Trail:
>Unformatted:
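
Review bot: The call to krb5_dbe_update_last_pwd_change() just before "/* initialize the keys */" is dropped unconditionally, so after this change no newly created principal records a last-password-change time, including principals created without a policy (the removed block only looked at mask & KADM5_POLICY for cleanup, not to decide whether to set the field). The visible lines do not show how code that reads this field behaves when it is absent, so please confirm that the minimum-lifetime check and any other reader treat a missing value as "never changed" rather than as an error. A short comment at the point of removal explaining that creation deliberately leaves the field unset would also help the next reader. An alternative that keeps the record would be to leave the update in place and exempt the first user-initiated change from the minimum-lifetime check.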