[krbdev.mit.edu #8949] Provide Means to Prevent a User Changing its Password

Wed Sep 16 18:11:47 EDT 2020

Wed Sep 16 18:11:47 2020: Request 8949 was acted upon.
 Transaction: Ticket created by dilyan.palauzov at aegee.org
       Queue: krb5
     Subject: Provide Means to Prevent a User Changing its Password
       Owner: Nobody
  Requestors: dilyan.palauzov at aegee.org
      Status: new
 Ticket <URL: https://mv-ezproxy-com.ezproxyberklee.flo.org/rt/Ticket/Display.html?id=8949 >

Hello,

I want to provide a service for many users, that can be used over
Kerberos.  Users shall be able to change their passwords over the
kpasswd-protocol or using a website.

For demonstration purposes, I want to provide a user with public
password, where anybody can try the service, using that
username/password, before creating a private username/password.  I do
not want, that the the public password can be changed over the kpasswd-
protocol.

Please add some means to achieve this, e.g. by a new attribute to the
principals.

Regards
  Дилян