Review of Projects/Kadmin hook interface
Russ Allbery
rra at stanford.edu
Mon Sep 27 16:01:14 EDT 2010
Nicolas Williams <Nicolas.Williams at oracle.com> writes:
> I'm saying it's what it should do. I.e., the kadmin/kadm5 client should
> be modified to randomize keys by doing a cpw with a randomized password.
If you made this change globally (rather than making it an option, such as
in Heimdal), then it would apply to keytab-only principals such as host/*
keys as well. Do we lose any security benefit from having all the
enctypes have independent keys the way that we get now with -randkey? (Or
at least I always assumed we got that now; maybe we don't?)
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list