While doing some experimenting I noticed that the MIT Kerberos version 5 "kinit" program will warn you when either your password is about to expire (within 7 days) or when your principal is about to expire. However, the warning message is identical in both cases. Is this for some security reason or is this a bug? When a principal expires kinit no longer allows you to obtain a TGT (You get the message: "kinit: Client's entry in database has expired while getting initial credentials"). In contrast, once your password expires kinit will prompt you for a new one.
Asked
Active
Viewed 715 times
1
-
I can't think of any security related reason not to print the exact cause. – Fred the Magic Wonder Dog Apr 26 '14 at 00:39