Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.12.9) with ESMTP id l69J3aHW018604; Mon, 9 Jul 2007 15:03:36 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id l69J3Vgc026718; Mon, 9 Jul 2007 15:03:31 -0400 Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id l69Cu3ak031570 for ; Mon, 9 Jul 2007 08:56:04 -0400 Received: from mit.edu (W92-130-BARRACUDA-3.MIT.EDU [18.7.21.224]) by pacific-carrier-annex.mit.edu (8.13.6/8.9.2) with ESMTP id l69Cu2uc028049 for ; Mon, 9 Jul 2007 08:56:02 -0400 (EDT) Received: from smtp.nist.gov (rimp1.nist.gov [129.6.16.226]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mit.edu (Spam Firewall) with ESMTP id C6A2E5DEA2F for ; Mon, 9 Jul 2007 08:56:01 -0400 (EDT) Received: from postmark.nist.gov (pushme.nist.gov [129.6.16.92]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id l69CtloV030857 for ; Mon, 9 Jul 2007 08:55:49 -0400 Received: from ctcms.nist.gov (lurch.nist.gov [129.6.153.40]) by postmark.nist.gov (8.13.7/8.13.7) with SMTP id l69Ct6qu007163 for ; Mon, 9 Jul 2007 08:55:06 -0400 (EDT) Received: (qmail 8953018 invoked from network); 9 Jul 2007 12:54:40 -0000 Received: from poppins.nist.gov (129.6.153.38) by lurch.nist.gov with QMQP; 9 Jul 2007 12:54:40 -0000 Received: (nullmailer pid 4593 invoked by uid 34010); Mon, 09 Jul 2007 12:55:05 -0000 Date: Mon, 9 Jul 2007 08:55:05 -0400 From: Andrew Reid To: Ken Raeburn Subject: Re: Bug#428732: [krbdev.mit.edu #5593] kadmin crashes during password changes Message-ID: <20070709125505.GA4391@smithers.nist.gov> References: <64F440A7-46B3-45A7-879C-A64E0927CDA3@mit.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <64F440A7-46B3-45A7-879C-A64E0927CDA3@mit.edu> User-Agent: Mutt/1.5.13 (2006-08-11) X-Nist-Mailscanner: Found to be clean X-Nist-Mailscanner-From: reida@lurch.nist.gov X-Spam-Score: 0.00 X-Spam-Flag: NO X-Scanned-BY: MIMEDefang 2.42 X-Mailman-Approved-At: Mon, 09 Jul 2007 15:03:30 -0400 CC: 428732@bugs.debian.org, Russ Allbery , krb5-bugs@MIT.EDU X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.MIT.EDU Errors-To: krb5-bugs-incoming-bounces@PCH.MIT.EDU RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 919 On Fri, Jul 06, 2007 at 07:53:46PM -0400, Ken Raeburn wrote: > This code path requires that the principal in question have a policy > dictating a minimum time before the password can be changed, and a > password change made before that time has elapsed. (I should've > thought of that given the description of changing passwords > specifically in a short time.) Andrew, does that describe your > situation? If so, changing src/kadmin/server/misc.c to include > could fix the problem. Yes, this describes our situation precisely -- I also had forgotten about the minimum password lifetime in the policy, even though I myself remarked on the time-dependent character. -- A. -- Dr. Andrew C. E. Reid, Guest Researcher Center for Theoretical and Computational Materials Science National Institute of Standards and Technology, Mail Stop 8910 Gaithersburg MD 20899 USA andrew.reid@nist.gov