Question related to keytab entries upgrade

Nico Williams nico at
Wed Jan 16 19:27:51 EST 2013

On Wed, Jan 16, 2013 at 5:46 PM, Nico Williams <nico at> wrote:
> On Wed, Jan 16, 2013 at 5:37 PM, Greg Hudson <ghudson at> wrote:
>> I said it.  I wasn't talking about RNG quality.  With the setkey RPC,
>> the KDC doesn't know whether the client chose the key randomly at all;
>> it could be the string2key output of a password which wouldn't pass the
>> password policy.
> Ah, yes, there's that.

Of course, one can always just deny setkey to principals with password
quality policies.

More information about the krbdev mailing list