Vipin Rathor <[EMAIL PROTECTED]> writes: > While I was playing with kerberos, I came across this issue. > I created a principal 'bug' with the ank command like this: > kadmin: ank -pwexpire "5/5/2007 12:0:0 GMT" -randkey bug > ; it successfully created the principal but when I tried to see > this entry it is showing me > .... > Password expiration date: [none] > ....
> My questions: > 1. Is this an expected behavior? > 2. Is this happening because of '-randkey'? (since not specifying -randkey > gave proper Password expiration date.) It probably is happening because of -randkey, although I think that's a bug. -randkey is implemented under the hood by creating a disabled account with a fixed password, changing its password to a random password, and then enabling the account. I bet that the password expiration is applied to the initial account creation and then cleared immediately by the password change to the random password. (This is why, when you create an account with -randkey, it immediately ends up with a kvno of 2 instead of 1.) -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
