Creation of principal without password

Ken Raeburn raeburn at MIT.EDU
Thu Aug 17 12:25:54 EDT 2006

On Aug 17, 2006, at 12:20, Fariba wrote:
> Thank you and others for replying.  If we use the randkey option to  
> create the principal and do not transfer it to the keytab (if you  
> transfer it to the keytab, I assume anyone typing the username is  
> authenticated, so it is nor secure), is there a way to set the real  
> password? Using  k_chpass  requires the knowledge of the old  
> password, which when it is random we do not know it . Unless we can  
> set the password to known string (even null) for the users, I do  
> not see an alternative. I think I am answering myself. Seems like  
> you cannot use kerberos just to store the users and later add their  
> passwords. Any thoughts?

You'd need some sort of administrator access, either through the  
kadmin protocol, or the set/change password protocol being worked on  
in the IETF.


More information about the Kerberos mailing list