[1453] in Kerberos_V5_Development
Re: kpasswd and kdb5_create...
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Tue Jul 30 16:07:12 1996
Date: Tue, 30 Jul 96 16:06:57 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: epeisach@MIT.EDU
Cc: krbcore@MIT.EDU
In-Reply-To: <9607281417.AA08060@kangaroo.mit.edu> (epeisach@MIT.EDU)
kdb5_create will add an entry into the database for kadmin/changepw
kadmind looks like it will accept either kadmin/changepw or ovsec_adm/changepw
kpasswd appears to only use ovsec_adm/changepw
Yeah, Marc noticed this too. Here's the scoop -- kpasswd was still
written to use OVSEC_KADM_API_VERSION_1, because it does not require
any of the new functionality of KADM5_API_VERSION_2 and it was easier
just to compile it with the old version defined. So I did not modify
the code AT ALL, meaning it is still using OVSEC_KADM_CHANGE_PW (or
whatever) which is ovsec_adm/changepw.
The easiest solution is to leave kpasswd using VERSION_1 but change
the call to init to pass KADM5_CHANGE_PW (or whatever) so it uses
kadmin/changepw. Alternativgely, one can rewrite all of kpasswd to
use version 2 of the API. I believe Marc already has rewritten it.
In short, this was a simple oversight.
Barry
