Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP id VAA04266; Fri, 20 Aug 2004 21:09:04 -0400 (EDT)
Received: from pch.mit.edu (localhost [127.0.0.1]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i7L194l1012453 for <krb5-send-pr@krbdev.mit.edu>; Fri, 20 Aug 2004 21:09:04 -0400 (EDT)
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i7KMgol1008737 for <krb5-bugs-incoming@PCH.mit.edu>; Fri, 20 Aug 2004 18:42:51 -0400 (EDT)
Received: from exch-one.centrify.com (adsl-64-172-2-178.dsl.sntc01.pacbell.net [64.172.2.178])i7KMgn5Y011870 for <krb5-bugs@mit.edu>; Fri, 20 Aug 2004 18:42:50 -0400 (EDT)
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Date: Fri, 20 Aug 2004 15:42:45 -0700
X-Mimeole: Produced By Microsoft Exchange V6.5.7226.0
Message-Id: <D6DE73398967E54096684518594D9931046804@exch-one.centrify.com>
X-MS-Has-Attach: 
X-MS-Tnef-Correlator: 
Thread-Topic: feature proposal - programmatic retrieval of password expiry
Thread-Index: AcSHBwKmL4DeAfPSRDyw74GJtjIK0g==
From: "Paul Moore" <paul.moore@centrify.com>
To: <krb5-bugs@mit.edu>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by pch.mit.edu id i7KMgol1008737
X-Mailman-Approved-At: Fri, 20 Aug 2004 21:09:03 -0400
Subject: feature proposal - programmatic retrieval of password expiry
X-Beenthere: krb5-bugs-incoming@mit.edu
X-Mailman-Version: 2.1
Precedence: list
Sender: krb5-bugs-incoming-bounces@mit.edu
Errors-To: krb5-bugs-incoming-bounces@mit.edu
X-RT-Original-Encoding: us-ascii
Content-Length: 919

Today get_init_creds_password will tell the user if their password will
expire but only via hard-coded messages sent via the prompter. It is
useful for applications that dont the prompting themselves to retrieve
the password expiry time so that they can deal with it in an app
specifiy way (configurable warning window, offer the user tthe choice to
change now, ...)
 
To this end we have added a secondary entry point to gig_pwd.c;
get_init_creds_password_expiry that takes an int* that gets populated
with the expiry time.
 
Is this a useful feature. Would you like the diffs?
 
An alternaitive approach is to fake up a prompter and parse the ascii
text. There is one major problem with this - the expiry warnings are not
generated until 7 days before expiry (in 1.3.4), so we cannot see this
data before that (to warn 10 days in advance for example). Also parsing
text that may or may not get sent is pretty klunky