[16385] in Kerberos_V5_Development
Re: Review of Projects/Kadmin hook interface
daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon Sep 27 15:53:39 2010
From: Sam Hartman <hartmans@mit.edu>
To: Nicolas Williams <Nicolas.Williams@oracle.com>
Date: Mon, 27 Sep 2010 15:50:17 -0400
In-Reply-To: <20100927192958.GK9501@oracle.com> (Nicolas Williams's message of
"Mon, 27 Sep 2010 14:29:59 -0500")
Message-ID: <tsltylbuft2.fsf@live.suchdamage.org>
MIME-Version: 1.0
Cc: lha@h5l.org, Russ Allbery <rra@stanford.edu>, krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@oracle.com> writes:
Nicolas> On Mon, Sep 27, 2010 at 11:32:30AM -0700, Russ Allbery wrote:
>> I would also document how this module is called if the key is
>> being randomized (if at all). It would probably be best to add a
>> separate interface that gets all of the keys, although in my
>> specific use case (propagation to Active Directory), there isn't
>> anything one can really do about a randomized key other than
>> randomizing the password in Active Directory (to something
>> unrelated to the new randomized key).
Nicolas> Why not just do password change with randomized password,
Nicolas> so that way you have a password you can synchronize? This
Nicolas> is basically what AD does too.
I'd support this change, although it's probably beyond the scope of what
I'm doing to implement.
--Sam
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
