confusion in ank.

Nicolas Williams Nicolas.Williams at sun.com
Mon Apr 23 11:52:36 EDT 2007


On Mon, Apr 23, 2007 at 11:27:22AM -0400, Kevin Coffman wrote:
> I haven't looked at the code, but I think this is probably done on
> purpose and is not a bug.  When you create a keytab, you create a new
> random key for the account.  There is no password associated with that
> key, and there is no longer a reason for a password expiration.

Password quality policies certainly shouldn't apply to randomly-
generated keys, but that does not mean that there cannot be a key
expiration policy.



More information about the Kerberos mailing list