Creation of principal without password
Fariba
fariba at usc.edu
Thu Aug 17 12:38:19 EDT 2006
Could you elaborate on that?
Ken Raeburn wrote:
> On Aug 17, 2006, at 12:20, Fariba wrote:
>> Thank you and others for replying. If we use the randkey option to
>> create the principal and do not transfer it to the keytab (if you
>> transfer it to the keytab, I assume anyone typing the username is
>> authenticated, so it is nor secure), is there a way to set the real
>> password? Using k_chpass requires the knowledge of the old
>> password, which when it is random we do not know it . Unless we can
>> set the password to known string (even null) for the users, I do not
>> see an alternative. I think I am answering myself. Seems like you
>> cannot use kerberos just to store the users and later add their
>> passwords. Any thoughts?
>
> You'd need some sort of administrator access, either through the
> kadmin protocol, or the set/change password protocol being worked on
> in the IETF.
>
> Ken
>
>
More information about the Kerberos
mailing list