confusion in ank.
Vipin Rathor
v.rathor at gmail.com
Mon Apr 23 10:14:59 EDT 2007
hi all,
>> My questions:
>> 1. Is this an expected behavior?
>> 2. Is this happening because of '-randkey'? (since not specifying
-randkey
>> gave proper Password expiration date.)
>It probably is happening because of -randkey, although I think that's a
>bug.
If Russ thinks that it's a bug, can somebody please tell me that what should
be the
correct behavior? and Where can I get this(in RFC...I guess???)
>-randkey is implemented under the hood by creating a disabled account with
>a fixed password, changing its password to a random password, and then
>enabling the account. I bet that the password expiration is applied to
>the initial account creation and then cleared immediately by the password
>change to the random password.
>(This is why, when you create an account with -randkey, it immediately
>ends up with a kvno of 2 instead of 1.)
Is it okey to for a random key principal to have a kvno 2 for nothing?(or is
there something
to do with this?)
Russ, thanks for reply. I really appreciete that.
Regards,
Rathor
More information about the Kerberos
mailing list