addprinc -randkey broken in 1.7?
rra at stanford.edu
Wed Sep 16 18:50:13 EDT 2009
Mike Friedman <mikef at berkeley.edu> writes:
> I'm running 1.6.3 and don't have this problem. In fact, looking at the
> code in src/kadmin/cli/kadmin.c, it appears that when '-randkey' is used
> for addprinc, the password is set initially to a 256 character string
> containing all possible character values from 1 thru 255 plus a
> terminating 0 (and then randomized in a separate step). This, I would
> think, should satisfy any password policy.
Well, it's certainly rejected by our password policy. :) I don't know
how it interacts with the character class checking. We have to always
clear policies on keys before using randkey.
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos