Review of Projects/Kadmin hook interface
Sam Hartman
hartmans at MIT.EDU
Mon Sep 27 16:00:40 EDT 2010
>>>>> "Russ" == Russ Allbery <rra at stanford.edu> writes:
Russ> Sam Hartman <hartmans at mit.edu> writes:
>>>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at oracle.com>
>>>>>>> writes:
Nicolas> Why not just do password change with randomized password,
Nicolas> so that way you have a password you can synchronize? This
Nicolas> is basically what AD does too.
>> I'd support this change, although it's probably beyond the scope
>> of what I'm doing to implement.
Russ> To mention, for those who aren't familiar, Heimdal has both
Russ> random key and random password options. The latter is indeed
Russ> very useful; we use it all the time now.
I think it's reasonable to implement random key in terms of random
password if you believe that krb5_c_string_to_key can generate
approximately all keys for a given enctype. I believe that's probably
true for AES and RC4.
The DES3 string2key concerns me somewhat and I know little about the
DES string2key.
--Sam