confusion in ank.

Kevin Coffman kwc at citi.umich.edu
Mon Apr 23 11:27:22 EDT 2007


On 4/23/07, Vipin Rathor <v.rathor at gmail.com> wrote:
> hi all,
>
> >> My questions:
> >> 1. Is this an expected behavior?
> >> 2. Is this happening because of '-randkey'? (since not specifying
> -randkey
> >>  gave proper Password expiration date.)
>
> >It probably is happening because of -randkey, although I think that's a
> >bug.
>
> If Russ thinks that it's a bug, can somebody please tell me that what should
> be the
> correct behavior? and Where can I get this(in RFC...I guess???)

I haven't looked at the code, but I think this is probably done on
purpose and is not a bug.  When you create a keytab, you create a new
random key for the account.  There is no password associated with that
key, and there is no longer a reason for a password expiration.

K.C.



More information about the Kerberos mailing list