kadmin-remctl 3.1 (unreleased)
+ kadmin-backend for an MIT Kerberos server no longer has the boolean
+ checking configuration parameter, which said whether to do password
+ checking. Instead, there is a new policy configuration parameter
+ which, if set, sets that password policy for newly created accounts.
+ To duplicate the previous behavior when checking was true, set policy
+ to "standard".
+
Add an expiration command, which sets the expiration date of a
principal. Based on a patch from Garrett Wollman.
- For an MIT Kerberos server, add the create_opts configuration
- parameter, which adds additional options that are passed to kadmin
- addprinc when a principal is created.
+ kadmin backend for an MIT Kerberos server now supports the create_opts
+ configuration parameter, which adds additional options that are passed
+ to kadmin addprinc when a principal is created. Based on a patch by
+ Garrett Wollman.
Allow underscores in principal names by default in the examine
function.
# afs_srvtab => Srvtab for Kerberos v4 kasetkey authentication
# acl => File listing principals that can manage this instance
# allowed => Regex matching permitted principal names (w/o instance)
-# checking => True if we should enable password strength checking
# create_opts => Extra options to pass to kadmin addprinc
# k5_admin => Principal for Kerberos v5 kadmin authentication
# k5_host => Admin server for Kerberos v5 kadmin operations
# k5_keytab => Keytab for Kerberos v5 kadmin authentication
# locked => Program to check to see if we can enable an account
+# policy => The password policy to set for created principals
# reset => True if we should allow password resets
#
# No instances are configured by default. In order for a particular instance
kadmin_config ($instance) or return;
$principal = "$principal/$instance" if $instance;
my $command = 'add_principal +requires_preauth';
- if ($CONFIG{$instance}{checking}) {
- $command .= ' -policy standard';
+ if ($CONFIG{$instance}{policy}) {
+ $command .= " -policy $CONFIG{$instance}{policy}";
} else {
$command .= ' -clearpolicy';
}
might confuse the shell or B<kadmin> (shell metacharacters, whitespace,
and so forth).
-=item checking
-
-Set to a true value if passwords for this instance should be subject to
-password strength checking, false otherwise.
-
=item create_opts
Contains extra options to pass to the B<kadmin> C<addprinc> command when
be enabled again using this interface for some policy reason. If the
array is undefined or empty, there is no checking for locked status.
+=item policy
+
+If set, the given password policy will be set for all newly-created
+principals.
+
=item reset
Set to a true value if B<kadmin-backend> should support resetting