[2696] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

Re: krb5-admin/395: addprinc -randkey appears to generate the same key each time

daemon@ATHENA.MIT.EDU (Barry Jaspan)
Wed Mar 12 16:05:48 1997

Date: Wed, 12 Mar 1997 21:02:08 GMT
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: krb5-bugs-redist@MIT.EDU


[ My response to Paul's bug report is below.  This message has already
been entered in the PR database. ]

From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: ppomes@Qualcomm.com
Cc: krb5-bugs@MIT.EDU, ppomes@Qualcomm.com, tep@sdsc.edu
Subject: 
Date: Wed, 12 Mar 1997 19:19:07 GMT

 You can relax; there is not a serious bug here.
 
 To explain:  When you create a principal with kadm5_create_principal
 (which kadmin's add_princ uses), you have to specify a password.  If
 you are going to randomize the principal's key, then of course that
 password doesn't matter; but you still need to specify one.
 Therefore, when you call add_principal -randkey, the following
 sequence of events occurs:
 
 1.  Create principal with pw = "\x01\x02...\xff" and with
 DISALLOW_ALL_TIX set.
 
 2.  Randomize the principal's key.
 
 3.  Modify the principal to unset DISALLOW_ALL_TIX.
 
 In step 1, passwd_check() is called with the dummy password, which is
 why you saw it containing the same value each time.  That password is
 never used.  passwd_check() is never called with a random key, because
 a random key is not a password.
 
 You can verify that keys are being randomized by extracting a
 principal twice into a keytab and using klist -k -K to show the actual
 keys.
 
 That being said, there are still a couple minor issues to resolve:
 
 a.  You said "the -randkey argument to ... modprinc".  modprinc never
 modifies principal keys, so it does not take the -randkey argument.
 If it does not actually generate a usage message when one is supplied,
 though, that is a bug that could confuse a user and should be fixed.
 
 b.  There is actually a specific automated test to make sure that
 kadm5_randkey_principal really does generate unique keys.  However, a
 quick glance at the Makefile seems to show that it isn't being run.
 This should be fixed.
 
 Before closing this PR I am going to review and verify all the claims
 I've made above and fix the minor bugs.
 
 Barry

home help back first fref pref prev next nref lref last post