addprinc -randkey broken in 1.7?
Russ Allbery
rra at stanford.edu
Wed Sep 16 16:13:13 EDT 2009
"Leonard J. Peirce" <leonard.peirce at gmail.com> writes:
> When running (in kadmin)
> addprinc -randkey host/host.domain
> I get a complaint about the password not containing enough character
> classes. Did I miss something? Not really a big deal since I can
> just specify a password.
> It used to work in 1.6.
addprinc -randkey hasn't worked for principals that have a password policy
set for somet time for me. The way -randkey works under the hood is that
it adds the principal disabled with a fixed password (which is indeed
pretty bad except that it's very long), then randomizes the key, and then
enables the principal.
This has other strange artifacts (or at least did -- I don't know if
they've been fixed). For example, adding a principal with -randkey and
-disallow_all_tix results in an enabled principal, igoring the
-disallow_all_tix option.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list