Hi there, I'm afraid we need some help from you.
We are trying to integrate a Kerberized OpenLDAP environment with an LDAP user-friendly management interface web application (LAM). This web application allows the use of some custom scripts, since the modules included by default are not suitable for how our environment works due to the saslauthd passthrough implementation we used.

One of the custom scripts is dedicated to changing principals' passwords. This custom script calls kadmin to do a cpw using a service principal and a dedicated keytab with the permissions correctly granted. We need for this task a totally non-interactive command, since the custom script receives the variables from the PHP application form.

    kadmin -k -t $KEYTABLOCATION -p $SERVICEPRINCIPAL -q "cpw $PRINCIPAL -pw $PASSWORD"

What we found is that this command ignores the password policy assigned to the principal, including all the complexity rules and history options. No matter if the command is launched in a kadmin console interactive mode, policies are totally ignored.

If we use:

    kpasswd $PRINCIPAL

Then all the password policy rules are respected. This would be ideal if we could use it in a non-interactive mode receiving the environments from the PHP form, but I'm afraid it is not possible (or we couldn't find or figure out how to do it), since it asks you for the old and new password and its confirmation.

Any idea about how we could proceed? Is there a way to force the cpw command to apply an already existing policy?

Thank you so much for your time.

Kind Regards.
Dario Garcia Díaz-Miguel
GGCS-SES Unit
GGCS SKMF Infrastructure Division
GMV
C\ de Isaac Newton, 11
28760, Tres Cantos, Madrid
España
+34 918 07 21 00
+34 918 07 21 99
www.gmv.com
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos