Support for Microsoft Set Password protocol

Nicolas Williams Nicolas.Williams at
Wed Apr 2 11:30:21 EST 2003

A change keys API will also be needed.

Inputs?  A principal name, a keytab name, an optional list of enctypes
and a flag/kvno indicating whether to remove old keytab entries.
Outputs?  Success/failure.  Side effects?  New keytab entries.

Alternatively the API should not edit a keytab but return a bunch of
keys (though each key including a principal name[*] and real name and a
kvno).  Leaving it to the application to actually store the keys in a

[*] Needed for principal aliasing.  See the v2 draft.


More information about the krbdev mailing list