random to key from password
Russ Allbery
rra at stanford.edu
Mon Sep 27 18:22:16 EDT 2010
Nicolas Williams <Nicolas.Williams at oracle.com> writes:
> The main benefit of radomized passwords over randomized keys is better
> synchronization/interop with AD. It's not that big a deal to me -- I've
> never needed the ability to synchronize service principals' passwords.
I've never needed that ability either, but I have needed the ability to
randomize a user's password and have that change reflected in AD. Heimdal
provides that capability (with the kadmin plugin); MIT currently does not
without using an external tool to generate a random password and then
doing a more traditional password change using that generated password.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list