afs to k5 conversion keytypes
Sam Hartman
hartmans at MIT.EDU
Tue Feb 22 15:33:51 EST 2005
>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
Ken> Thewre is one way ... but it requires you to have your
Ken> Kerberos Shit Together.
Ken> Write a custom login program that once you login correctly
Ken> using an AFS salted key, generates a V5 salted key from that
Ken> plaintext password and stores it somewhere. "Somewhere"
Ken> could be in a V5 database (e.g., you can simply force a
Ken> password change). This means not only would you have to know
Ken> how to program the poorly-documented Kerberos API, but you
Ken> would have to figure out how to program the
Ken> even-more-poorly-documented kadm5 API.
krb5_change_password is not any worse to use than the init_creds API.
You can avoid the kadm5 API.
More information about the Kerberos
mailing list