Creation of principal without password
Ken Raeburn
raeburn at MIT.EDU
Thu Aug 17 12:25:54 EDT 2006
On Aug 17, 2006, at 12:20, Fariba wrote:
> Thank you and others for replying. If we use the randkey option to
> create the principal and do not transfer it to the keytab (if you
> transfer it to the keytab, I assume anyone typing the username is
> authenticated, so it is nor secure), is there a way to set the real
> password? Using k_chpass requires the knowledge of the old
> password, which when it is random we do not know it . Unless we can
> set the password to known string (even null) for the users, I do
> not see an alternative. I think I am answering myself. Seems like
> you cannot use kerberos just to store the users and later add their
> passwords. Any thoughts?
You'd need some sort of administrator access, either through the
kadmin protocol, or the set/change password protocol being worked on
in the IETF.
Ken
More information about the Kerberos
mailing list