Subject: | kadmind minimum life check fails for nonexistent policies |
In kadmind, when a principal performs a self-service key change (randkey or
chpass), we look up the principal's policy and check the minimum password
lifetime. This check currently fails if the policy does not exist, which
contradicts the intent of #7385. We should relax check_min_life() to
succeed if kadm5_get_policy() returns KADM5_UNK_POLICY.
Reported by John Devitofranceschi.
chpass), we look up the principal's policy and check the minimum password
lifetime. This check currently fails if the policy does not exist, which
contradicts the intent of #7385. We should relax check_min_life() to
succeed if kadm5_get_policy() returns KADM5_UNK_POLICY.
Reported by John Devitofranceschi.