[16382] in Kerberos_V5_Development
Re: Review of Projects/Kadmin hook interface
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Mon Sep 27 15:30:32 2010
Date: Mon, 27 Sep 2010 14:29:59 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: Russ Allbery <rra@stanford.edu>
Message-ID: <20100927192958.GK9501@oracle.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <871v8fvxz5.fsf@windlord.stanford.edu>
Cc: lha@h5l.org, Sam Hartman <hartmans@mit.edu>, krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Mon, Sep 27, 2010 at 11:32:30AM -0700, Russ Allbery wrote:
> I would also document how this module is called if the key is being
> randomized (if at all). It would probably be best to add a separate
> interface that gets all of the keys, although in my specific use case
> (propagation to Active Directory), there isn't anything one can really do
> about a randomized key other than randomizing the password in Active
> Directory (to something unrelated to the new randomized key).
Why not just do password change with randomized password, so that way
you have a password you can synchronize? This is basically what AD
does too.
> For a complete interface, you probably also want to add rename and
> chpass_with_key. I didn't have those in my Heimdal hooks for the same
> reason I didn't have remove: I didn't need them for my immediate problem
> and hadn't had time to work on the broader issue.
What is chpass_with_key?
Does renaming principals work nowadays?
Nico
--
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
