Review of Projects/Kadmin hook interface

Nicolas Williams Nicolas.Williams at oracle.com
Mon Sep 27 15:57:40 EDT 2010


On Mon, Sep 27, 2010 at 12:45:56PM -0700, Russ Allbery wrote:
> > Why not just do password change with randomized password, so that way
> > you have a password you can synchronize?  This is basically what AD
> > does too.
> 
> That of course is fine and for that you can just use the chpass
> interface.  But that's not the operation performed by cpw -randkey.  A
> [...]

I'm saying it's what it should do.  I.e., the kadmin/kadm5 client should
be modified to randomize keys by doing a cpw with a randomized password.

You could also have a plugin that disallows set-key on principals whose
passwords you want to synchronize.

Nico
-- 


