How do you allow principal creation with no random keys? I hope
this means with no password as well.
At the moment, I don't think it's possible in the MIT code. But with
PKINIT, we may want to change that.
Also with PKINIT, it is window's specific. right?
Um, no, but MIT isn't
Your case is a good example. How do you allow principal creation with no
random keys? I hope this means with no password as well. Also with
PKINIT, it is window's specific. right? And still user needs to have the
password set first and then PKINIT comes to picture. right? As admin we
want to
a principal witout its associated password would be pointless for
kerberos since that account would not be able to use tickets that by
definition are encrypted with a key based on said accounts password.
i.e. no
On 8/17/06, Fariba [EMAIL PROTECTED] wrote:
Is it possible to create a principal
Fariba wrote:
Is it possible to create a principal without password in kerberos? Thank
you.
You can create a principal with a random key (password) by using the
-randkey option (i.e. in kadmin, 'addprinc -randkey user'). You can
then extract this to a keytab, and use the keytab to authorise
(PLEASE don't include kerberos-announce in the recipient list on
queries. It's just more work for us to go delete the messages from
the moderation queue.)
On Aug 17, 2006, at 06:07, ronnie sahlberg wrote:
a principal witout its associated password would be pointless for
kerberos since that
On Aug 17, 2006, at 12:20, Fariba wrote:
Thank you and others for replying. If we use the randkey option to
create the principal and do not transfer it to the keytab (if you
transfer it to the keytab, I assume anyone typing the username is
authenticated, so it is nor secure), is there a
Thank you and others for replying. If we use the randkey option to
create the principal and do not transfer it to the keytab (if you
transfer it to the keytab, I assume anyone typing the username is
authenticated, so it is nor secure), is there a way to set the real
password? Using k_chpass
Could you elaborate on that?
Ken Raeburn wrote:
On Aug 17, 2006, at 12:20, Fariba wrote:
Thank you and others for replying. If we use the randkey option to
create the principal and do not transfer it to the keytab (if you
transfer it to the keytab, I assume anyone typing the username is
On Aug 17, 2006, at 12:38, Fariba wrote:
Could you elaborate on that?
Ken Raeburn wrote:
You'd need some sort of administrator access, either through the
kadmin protocol, or the set/change password protocol being worked on
in the IETF.
An administrator could change the password with kadmin's
Fariba [EMAIL PROTECTED] writes:
Could you elaborate on that?
In order to change the key of a principal, you need administrative access
to the KDC database, either through kadmin.local, the kadmin network
protocol, or something like the password change protocol (which is only
Is it possible to create a principal without password in kerberos? Thank
you.
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
11 matches
Mail list logo
