kadmin-remctl 3.6

Another minor tweak to the remctl backend for Kerberos administrative functions that we use at Stanford. This still isn't the long-awaited rewrite that might make this more generally useful outside of Stanford's specific requirements.

This release adds support for setting a password expiration on newly-created accounts via a configuration setting in the local configuration file. The password expiration period can be configured per-instance. (Eventually, this should be handled via policy support instead, but this was easier for my immediate purposes.)

This release also maps password quality error messages on create or reset_passwd to generic messages in the Heimdal backend. This is only of interest to sites such as ours that have patched Heimdal to do password quality checks for administrative actions as well as user-initiated password changes. The kadmin protocol unfortunately doesn't have a way to pass back the verbose password quality error.

You can get the latest version from the kadmin-remctl distribution page.

Posted: 2014-01-15 15:47 — Why no comments?

Last spun 2014-01-29 from thread modified 2014-01-15