On 03/05/2012 06:16 AM, Mark Davies wrote: > Principal expires: 2012-12-02 10:59:59 UTC > Password expires: never
> Warning: Your password will expire in less than one hour on Thu Jan 1 > 12:00:00 1970 That's a bug introduced in MIT krb5 1.9. I'm fixing it now and marking it for pullup to 1.9 and 1.10. > Principal expires: 2012-12-02 10:59:59 UTC > Password expires: 2012-12-01 00:00:00 UTC > Warning: Your password will expire in 270 days on Sat Dec 1 13:00:00 2012 This is controllable with the kdc_warn_expire option in the [kdc] section of your KCS's krb5.conf (if I read the Heimdal code correctly), but if you were to turn it off, you'd just run into the aforementioned bug. > We don't see these warnings on our other systems. Any idea whats > causing them and how to shut them up? Unfortunately, I think your options for shutting them up aren't great: (1) Avoid the use of principal expiry times (2) Patch your KDC not to send principal expiry times in AS replies (3) Deploy the MIT krb5 fix to your client systems I can send a patch for (2) or (3) if you decide to go that route. (3) should happen by itself eventually as the fix makes its way through the pipeline, of course. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
