kadmin-remctl 3.5 (unreleased)
Increase the timeout for initial authentication during a kpasswd
- password change to ten seconds. The previous timeout of two seconds
- was occasionally too short in production. Also fix a Perl warning if
- the initial authentication times out.
+ password change to ten seconds, and the timeout for a successful
+ password change to sixty seconds. The previous timeouts of two
+ seconds and thirty seconds was occasionally too short in production.
+ Also fix Perl warnings if the initial authentication or password
+ change time out.
In the Heimdal backend, use get instead of list to check whether a
given principal already exists. list requires a complete database
}
$kpasswd->send ($new . "\n");
($num, $error, $match, $before, $after)
- = $kpasswd->expect (30, 'Password change rejected: ',
+ = $kpasswd->expect (60, 'Password change rejected: ',
'Password changed.');
- if ($num == 1) {
+ if (defined ($num) && $num == 1) {
$after =~ s/\..*//s;
$after =~ s/\r?\n/ /g;
$after =~ s/\s+See the kpasswd man page.*//s;
= $kpasswd->expect (10, 'kpasswd: krb5_get_init_creds:',
'kpasswd: Password incorrect',
'-re', 'New password for \S+:');
- if (defined ($num) && ($num == 1 || $num == 2)) {
+ if (defined($num) && ($num == 1 || $num == 2)) {
if ($num == 1) {
$after =~ s/\r?\n.*//s;
$after =~ s/^\s+//;
}
$kpasswd->send ($new . "\n");
($num, $error, $match, $before, $after)
- = $kpasswd->expect (30, 'Soft error : ',
+ = $kpasswd->expect (60, 'Soft error : ',
'Success : Password changed');
- if ($num == 1) {
+ if (defined($num) && $num == 1) {
$after =~ s/\..*//s;
$after =~ s/\r?\n/ /g;
$after =~ s/\s+See the kpasswd man page.*//s;