2 files changed, 15 insertions, 0 deletions

diff --git a/src/kadmin/v5server/ChangeLog b/src/kadmin/v5server/ChangeLog
index c1779510d7..d357a39b4b 100644
--- a/src/kadmin/v5server/ChangeLog
+++ b/src/kadmin/v5server/ChangeLog
@@ -1,4 +1,10 @@
 
+Mon Jun 5 14:14:10 EDT 1995	Paul Park	(pjpark@mit.edu)
+	* srv_key.c(key_get_admin_entry) - When adding database entry for
+		changepw principal, supply a maximum life and maximum renewable
+		lifetime so that it doesn't end up being zero.
+
+
 Thu Jun 1 14:34:41 EDT 1995	Paul Park	(pjpark@mit.edu)
 	* srv_acl.c: Change default acl file name to be a #define.  If it
 		is not defined, then default to /krb5/krb5_adm.acl.
diff --git a/src/kadmin/v5server/srv_key.c b/src/kadmin/v5server/srv_key.c
index 875b1e96b0..8dba7c375a 100644
--- a/src/kadmin/v5server/srv_key.c
+++ b/src/kadmin/v5server/srv_key.c
@@ -31,6 +31,13 @@
 #include "kadm5_defs.h"
 #include "mit-des.h"
 
+/*
+ * These control the maximum [renewable] life of the changepw principal, if
+ * it is created by us.
+ */
+#define	KEY_DEF_MAX_LIFE	(2*60*60)
+#define	KEY_DEF_MAX_RLIFE	(2*60*60)
+
 static const char *key_cpw_ufokey_fmt = "%s: no keys in database entry for %s.\n";
 static const char *key_cpw_decerr_fmt = "%s: cannot decode keys for %s.\n";
 static const char *key_add_cpw_err_fmt = "%s: cannot add entry for %s (%s).\n";
@@ -202,6 +209,8 @@ key_get_admin_entry(kcontext)
 		    krb5_timeofday(kcontext, &madmin_entry.mod_date);
 		    madmin_entry.last_pwd_change = madmin_entry.mod_date;
 		    madmin_entry.mkvno = key_master_entry()->kvno;
+		    madmin_entry.max_life = KEY_DEF_MAX_LIFE;
+		    madmin_entry.max_renewable_life = KEY_DEF_MAX_RLIFE;
 		    number_of_entries = 1;
 
 		    /*