addprinc -randkey broken in 1.7?
rra at stanford.edu
Thu Sep 17 00:13:00 EDT 2009
Greg Hudson <ghudson at MIT.EDU> writes:

> Here's the history of the temporary password used for addprinc -randkey:
>
> * Through krb5 1.1, it was "dummy", which would fail any password
>   policy requiring multiple character classes or more than five
>   characters. This might explain Russ's experiences.
>
> * In r9210 (October 1996), it was changed to a 255 byte string
>   containing all possible nonzero byte values, which would pass any policy
>   with a reasonable minimum length. I believe this change first hit the
>   field in krb5 1.2.

Ah, sorry, my experience is better explained by the fact that we patch the
KDC to apply cracklib checks on a password policy, and cracklib fails this
password. Sorry about the confusion.

Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>