To: | krb5-bugs@mit.edu |
Cc: | kwc@citi.umich.edu |
Subject: | kadmind implementation of Horowitz change password protocol doesn't do minlife |
From: | Sam Hartman <hartmans@MIT.EDU> |
Date: | Wed, 22 Jan 2003 14:54:08 -0500 |
Return-Path: <krbdev-admin@MIT.EDU>
Received: from solipsist-nation ([unix socket])
by solipsist-nation (Cyrus v2.1.5-Debian2.1.5-1) with LMTP; Wed, 22 Jan
2003 13:00:29 -0500
X-Sieve: CMU Sieve 2.2
Return-Path: <krbdev-admin@MIT.EDU>
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by suchdamage.org (Postfix) with ESMTP id F2D7513171
for <hartmans@suchdamage.org>; Wed, 22 Jan 2003 13:00:28 -0500 (EST)
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id NAA11265;
Wed, 22 Jan 2003 13:00:14 -0500 (EST)
Received: from pch.mit.edu (localhost [127.0.0.1])
by pch.mit.edu (8.9.3+Sun/8.9.3) with ESMTP id NAA27232;
Wed, 22 Jan 2003 13:00:06 -0500 (EST)
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by pch.mit.edu (8.9.3+Sun/8.9.3) with ESMTP id MAA27219
for <krbdev@PCH.mit.edu>; Wed, 22 Jan 2003 12:59:32 -0500 (EST)
Received: from citi.umich.edu (citi.umich.edu [141.211.92.141])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id MAA10940
for <krbdev@mit.edu>; Wed, 22 Jan 2003 12:59:32 -0500 (EST)
Received: from citi.umich.edu (unknown [141.211.92.185])
by citi.umich.edu (Postfix) with ESMTP id DDEFB207F7
for <krbdev@mit.edu>; Wed, 22 Jan 2003 12:59:31 -0500 (EST)
X-Mailer: exmh version 2.5 07/13/2001 with version: MH 6.8.3 #72[UCI]
To: krbdev@mit.edu
Subject: kadmin unit tests
From: Kevin Coffman <kwc@citi.umich.edu>
Message-Id: <20030122175931.DDEFB207F7@citi.umich.edu>
Sender: krbdev-admin@MIT.EDU
Errors-To: krbdev-admin@MIT.EDU
X-BeenThere: krbdev@mit.edu
X-Mailman-Version: 2.0
Precedence: bulk
List-Help: <mailto:krbdev-request@mit.edu?subject=help>
List-Post: <mailto:krbdev@mit.edu>
List-Subscribe: <http://mailman.mit.edu/mailman/listinfo/krbdev>,
<mailto:krbdev-request@mit.edu?subject=subscribe>
List-Id: Kerberos Developers Mailing List <krbdev.mit.edu>
List-Unsubscribe: <http://mailman.mit.edu/mailman/listinfo/krbdev>,
<mailto:krbdev-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/krbdev/>
X-Original-Date: Wed, 22 Jan 2003 12:59:31 -0500
Date: Wed, 22 Jan 2003 12:59:31 -0500
X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20
X-Spam-Level:
MIME-Version: 1.0
After modifying the kadm unit tests to use the kpasswd from the
clients/kpasswd directory rather the kadmin/kpasswd directory, I've got
all the kpasswd tests working except the test that checks whether a
password change is "too soon".
It looks like the check for pw_min_life was moved from
kadm5_chpass_principal_3 to chpass_principal_wrapper_3. The
clients/kpasswd/kpasswd uses the simple chpw (schpw) path in kadmind.
It looks like the processing path in kadmind is:
do_schpw
process_chpw_request
kadm5_chpass_principal_util
_kadm5_chpass_principal_util
kadm_chpass_principal
kadm5_chpass_principal
kadm5_chpass_principal_3
So the check is never done for the clients/kpasswd version of kpasswd.
Received: from solipsist-nation ([unix socket])
by solipsist-nation (Cyrus v2.1.5-Debian2.1.5-1) with LMTP; Wed, 22 Jan
2003 13:00:29 -0500
X-Sieve: CMU Sieve 2.2
Return-Path: <krbdev-admin@MIT.EDU>
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by suchdamage.org (Postfix) with ESMTP id F2D7513171
for <hartmans@suchdamage.org>; Wed, 22 Jan 2003 13:00:28 -0500 (EST)
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id NAA11265;
Wed, 22 Jan 2003 13:00:14 -0500 (EST)
Received: from pch.mit.edu (localhost [127.0.0.1])
by pch.mit.edu (8.9.3+Sun/8.9.3) with ESMTP id NAA27232;
Wed, 22 Jan 2003 13:00:06 -0500 (EST)
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by pch.mit.edu (8.9.3+Sun/8.9.3) with ESMTP id MAA27219
for <krbdev@PCH.mit.edu>; Wed, 22 Jan 2003 12:59:32 -0500 (EST)
Received: from citi.umich.edu (citi.umich.edu [141.211.92.141])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id MAA10940
for <krbdev@mit.edu>; Wed, 22 Jan 2003 12:59:32 -0500 (EST)
Received: from citi.umich.edu (unknown [141.211.92.185])
by citi.umich.edu (Postfix) with ESMTP id DDEFB207F7
for <krbdev@mit.edu>; Wed, 22 Jan 2003 12:59:31 -0500 (EST)
X-Mailer: exmh version 2.5 07/13/2001 with version: MH 6.8.3 #72[UCI]
To: krbdev@mit.edu
Subject: kadmin unit tests
From: Kevin Coffman <kwc@citi.umich.edu>
Message-Id: <20030122175931.DDEFB207F7@citi.umich.edu>
Sender: krbdev-admin@MIT.EDU
Errors-To: krbdev-admin@MIT.EDU
X-BeenThere: krbdev@mit.edu
X-Mailman-Version: 2.0
Precedence: bulk
List-Help: <mailto:krbdev-request@mit.edu?subject=help>
List-Post: <mailto:krbdev@mit.edu>
List-Subscribe: <http://mailman.mit.edu/mailman/listinfo/krbdev>,
<mailto:krbdev-request@mit.edu?subject=subscribe>
List-Id: Kerberos Developers Mailing List <krbdev.mit.edu>
List-Unsubscribe: <http://mailman.mit.edu/mailman/listinfo/krbdev>,
<mailto:krbdev-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/krbdev/>
X-Original-Date: Wed, 22 Jan 2003 12:59:31 -0500
Date: Wed, 22 Jan 2003 12:59:31 -0500
X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.20
X-Spam-Level:
MIME-Version: 1.0
After modifying the kadm unit tests to use the kpasswd from the
clients/kpasswd directory rather the kadmin/kpasswd directory, I've got
all the kpasswd tests working except the test that checks whether a
password change is "too soon".
It looks like the check for pw_min_life was moved from
kadm5_chpass_principal_3 to chpass_principal_wrapper_3. The
clients/kpasswd/kpasswd uses the simple chpw (schpw) path in kadmind.
It looks like the processing path in kadmind is:
do_schpw
process_chpw_request
kadm5_chpass_principal_util
_kadm5_chpass_principal_util
kadm_chpass_principal
kadm5_chpass_principal
kadm5_chpass_principal_3
So the check is never done for the clients/kpasswd version of kpasswd.