confusion in ank.

Vipin Rathor v.rathor at gmail.com
Mon Apr 23 10:14:59 EDT 2007


hi all,

>> My questions:
>> 1. Is this an expected behavior?
>> 2. Is this happening because of '-randkey'? (since not specifying
-randkey
>>  gave proper Password expiration date.)

>It probably is happening because of -randkey, although I think that's a
>bug.

If Russ thinks that it's a bug, can somebody please tell me that what should
be the
correct behavior? and Where can I get this(in RFC...I guess???)

>-randkey is implemented under the hood by creating a disabled account with
>a fixed password, changing its password to a random password, and then
>enabling the account.  I bet that the password expiration is applied to
>the initial account creation and then cleared immediately by the password
>change to the random password.

>(This is why, when you create an account with -randkey, it immediately
>ends up with a kvno of 2 instead of 1.)
Is it okey to for a random key principal to have a kvno 2 for nothing?(or is
there something
to do with this?)

Russ, thanks for reply. I really appreciete that.

Regards,
Rathor



More information about the Kerberos mailing list