[1549] in Kerberos_V5_Development
Re: kdb5_edit
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Tue Aug 13 12:02:03 1996
Date: Tue, 13 Aug 1996 11:59:22 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: epeisach@MIT.EDU
Cc: krbcore@MIT.EDU
In-Reply-To: <9608130038.AA11782@kangaroo.mit.edu> (epeisach@MIT.EDU)
Since Barry has made it clear that kdb5_edit should not be used...
Allow me to explain this position. There are a number of reasons that
kdb5_edit should no longer be used:
o All of its functionality is now provided by other programs: kadmin
(or kadmin.local), kdb5_util, and ktutil.
o If people continue to use kdb5_edit, we will have to continue to
maintain kdb5_edit. We also have to continue to maintain kadmin and
kdb5_util. So, we'll be maintaining two pieces of code to do the same
thing, which is a waste of effort.
o kdb5_edit does not know about KADM5 and so is insufficient on its
own. For example, if you change a password with kdb5_edit, the
password policy is not enforced and the principal's password history
is not updated. If you delete a principal, its policy's reference
count is not decremented. And so forth.
Barry
