Creation of principal without password

Fariba fariba at
Thu Aug 17 12:38:19 EDT 2006

Could you elaborate on that?
Ken Raeburn wrote:
> On Aug 17, 2006, at 12:20, Fariba wrote:
>> Thank you and others for replying.  If we use the randkey option to 
>> create the principal and do not transfer it to the keytab (if you 
>> transfer it to the keytab, I assume anyone typing the username is 
>> authenticated, so it is nor secure), is there a way to set the real 
>> password? Using  k_chpass  requires the knowledge of the old 
>> password, which when it is random we do not know it . Unless we can 
>> set the password to known string (even null) for the users, I do not 
>> see an alternative. I think I am answering myself. Seems like you 
>> cannot use kerberos just to store the users and later add their 
>> passwords. Any thoughts?
> You'd need some sort of administrator access, either through the 
> kadmin protocol, or the set/change password protocol being worked on 
> in the IETF.
> Ken

More information about the Kerberos mailing list