Expiring password interrupt from Kerberos
Ian Bobbitt
ibobbitt at globalnoc.iu.edu
Tue Oct 24 20:51:18 EDT 2017
I would like to use the Kerberos password expiration date to trigger the
expiring password interrupt.
I can have the login add the ticket to the Subjects. I can see that
subject from a ScribedAttribute (or would a SubjectDerivedAttribute be
better?), but I can't figure out how to access the password expiration
from there. If I decrypt the reply from the KDC I see the expiration
date in the packet, so I know it's there if I can just find the right
set of methods to call.
Has someone figured this out already and is willing and able to share
their solution, or help point me in the right direction?
-- Ian
(Yes, I know regularly expiring passwords that aren't suspected to be
compromised goes against current recommended practices. I can't change
the policy.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4090 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://shibboleth.net/pipermail/users/attachments/20171024/7f9fd815/attachment.p7s>
More information about the users
mailing list