Question related to keytab entries upgrade
Nico Williams
nico at cryptonector.com
Wed Jan 16 19:27:51 EST 2013
On Wed, Jan 16, 2013 at 5:46 PM, Nico Williams <nico at cryptonector.com> wrote:
> On Wed, Jan 16, 2013 at 5:37 PM, Greg Hudson <ghudson at mit.edu> wrote:
>> I said it. I wasn't talking about RNG quality. With the setkey RPC,
>> the KDC doesn't know whether the client chose the key randomly at all;
>> it could be the string2key output of a password which wouldn't pass the
>> password policy.
>
> Ah, yes, there's that.
Of course, one can always just deny setkey to principals with password
quality policies.
More information about the krbdev
mailing list