diff options
Diffstat (limited to 'daemons/ipa-kdb/TODO')
-rw-r--r-- | daemons/ipa-kdb/TODO | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/daemons/ipa-kdb/TODO b/daemons/ipa-kdb/TODO new file mode 100644 index 000000000..5bcdd6ca7 --- /dev/null +++ b/daemons/ipa-kdb/TODO @@ -0,0 +1,17 @@ + +* Handle KRB5_KDB_REQUIRES_PWCHANGE in entry->attributes so that ipa-pwd-extop + can use it too. + +* Change ipa-pwd-extop to be able to properly read a krbMKey with multiple values +* In change_pwd properly handle keepold if mkvno differs + +Pwd change behavior and kadmind/kadmin.local: +* How to detect/allow password changes for users based on ACIs in LDAP ? + CANNOT, Only own password changes will be allowed +* How to allow admin to always change pw but mark the pw as expired ? + NOT via kadmin + +FUTURE: +add code to handle change of masterkey by adding new krbMKey and having +ipa-pwd-extop start a task to re-encode keys. Possibly do that with a special +extended operation. |