more ldap concerns

Savitha R rsavitha at novell.com
Fri Jun 9 06:55:11 EDT 2006



>>> On Thu, Jun 8, 2006 at  4:38 am, in message
<20060607230806.GL23943 at sun.com>,
Will Fiveash <William.Fiveash at sun.com> wrote: 
> On Wed, Jun 07, 2006 at 05:39:27PM -0500, Will Fiveash wrote:
> 
> and when I do:
> 
> kadmin.local -q 'cpw -randkey krbtgt/ACME.COM'
> kadmin.local -q 'cpw -randkey krbtgt/ACME.COM'
> 
> I see:
> 
> kadmin.local -q 'getprinc krbtgt/ACME.COM'
> Authenticating as principal willf/admin at ACME.COM with password.
> Principal: krbtgt/ACME.COM at ACME.COM
> Expiration date: [never]
> Last password change: Wed Jun 07 18:05:56 CDT 2006
> Password expiration date: [none]
> Maximum ticket life: 1 day 00:00:00
> Maximum renewable life: 7 days 00:00:00
> Last modified: Wed Jun 07 18:05:56 CDT 2006 (cn=directory manager at ACME.COM)
> Last successful authentication: [never]
> Last failed authentication: [never]
> Failed password attempts: 0
> Number of keys: 5
> Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
> Key: vno 2, Triple DES cbc mode with HMAC/sha1, no salt
> Key: vno 2, DES cbc mode with CRC-32, no salt
> Key: vno 3, Triple DES cbc mode with HMAC/sha1, no salt
> Key: vno 3, DES cbc mode with CRC-32, no salt
> Attributes:
> Policy: [none]
> 
> Why are the old keys still around?

Not able to replicate this problem. Here is the output from my setup
(ldap trunk code as on 8th June)

kadmin/cli/kadmin.local -q "getprinc krbtgt/TEST2"
Authenticating as principal rsavitha/admin at TEST2 with password.
Principal: krbtgt/TEST2 at TEST2
Expiration date: [never]
Last password change: [never]
Password expiration date: [none]
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 0 days 00:00:00
Last modified: Fri Jun 09 15:43:58 IST 2006 (cn=Manager,dc=testopenldap,dc=com at TEST2)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Attributes:
Policy: [none]

kadmin/cli/kadmin.local -q "cpw -randkey krbtgt/TEST2"
Authenticating as principal rsavitha/admin at TEST2 with password.
Key for "krbtgt/TEST2 at TEST2" randomized.

kadmin/cli/kadmin.local -q "getprinc krbtgt/TEST2"
Authenticating as principal rsavitha/admin at TEST2 with password.
Principal: krbtgt/TEST2 at TEST2
Expiration date: [never]
Last password change: Fri Jun 09 15:44:24 IST 2006
Password expiration date: [none]
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 0 days 00:00:00
Last modified: Fri Jun 09 15:44:24 IST 2006 (cn=Manager,dc=testopenldap,dc=com at TEST2)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 2, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 2, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]

Sequence of commands tried: create realm, getprinc, cpw with randkey
option and getprinc.

Is there any step that I have missed?


Thanks
Savitha 
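
An added example, not part of the original message or of the krb5 code base: a small Python check that parses `getprinc` output like the listings in this thread and reports keys still held under older kvnos, single-DES keys, and whether the "Number of keys" line agrees with the keys listed. The function names are hypothetical, and the enctype labels are matched exactly as kadmin printed them above.

```python
import re

# Matches lines such as "Key: vno 2, DES cbc mode with CRC-32, no salt",
# including when the line carries a "> " e-mail quote prefix.
KEY_RE = re.compile(r"Key: vno (\d+), (.+), (.+)$")
COUNT_RE = re.compile(r"Number of keys: (\d+)")

def parse_keys(getprinc_output):
    """Return [(kvno, enctype), ...] in the order kadmin printed them."""
    keys = []
    for line in getprinc_output.splitlines():
        m = KEY_RE.search(line.strip())
        if m:
            keys.append((int(m.group(1)), m.group(2)))
    return keys

def audit_keys(getprinc_output):
    """Summarise stale and single-DES keys for one principal."""
    keys = parse_keys(getprinc_output)
    declared = COUNT_RE.search(getprinc_output)
    current = max((kvno for kvno, _ in keys), default=None)
    return {
        "current_kvno": current,
        # False when the header count and the listed keys disagree.
        "count_matches": declared is not None
                         and int(declared.group(1)) == len(keys),
        # Keys kept under a kvno older than the newest one.
        "stale": [k for k in keys if k[0] < current] if keys else [],
        # "DES ..." but not "Triple DES ...", as labelled in the output.
        "single_des": [k for k in keys if k[1].startswith("DES ")],
    }

# Key lists copied from the two final listings in this thread.
ACME_OUTPUT = """\
> Number of keys: 5
> Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
> Key: vno 2, Triple DES cbc mode with HMAC/sha1, no salt
> Key: vno 2, DES cbc mode with CRC-32, no salt
> Key: vno 3, Triple DES cbc mode with HMAC/sha1, no salt
> Key: vno 3, DES cbc mode with CRC-32, no salt
"""
TEST2_OUTPUT = """\
Number of keys: 2
Key: vno 2, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 2, DES cbc mode with CRC-32, no salt
"""

if __name__ == "__main__":
    for name, text in (("ACME.COM", ACME_OUTPUT), ("TEST2", TEST2_OUTPUT)):
        print(name, audit_keys(text))
```
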