Communicating kerberos password expiration
Jason L Tibbitts III
tibbs at math.uh.edu
Sat Feb 14 10:33:25 EST 2015
I know this isn't entirely a Cyrus question, but I figure some folks
here would have some idea of my issue.
Basically, we use Kerberos authentication with Cyrus. The passwords in
Kerberos expire. With shell and (Linux) desktop logins and such, the
system alerts users and if necessary forces them to change their
password. And obviously these days it's not terribly useful to actually
mail someone with information about their password expiring.
My understanding is that IMAP has a limited way to communicate password
expiration (through the EXPIRED response code). Does Cyrus support
communicating that to the client when appropriate? Anyone know if any
clients actually do something useful with it? Does anyone know if the
protocol (or Cyrus) has any way to communicate password expiration in
advance of the password actually expiring? ("You have 5 days to change
your password" or something like that.)
Really I'd like to integrate something with the Horde webmail system to
at least cover webmail-only users. I can actually hack on that a bit,
but I'll obviously ask the Horde people about that. Though I wouldn't
turn down any advice there either if someone here happened to have any.
- J<
More information about the Info-cyrus
mailing list