[16387] in Kerberos_V5_Development
Re: Review of Projects/Kadmin hook interface
daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon Sep 27 16:00:51 2010
From: Sam Hartman <hartmans@mit.edu>
To: Russ Allbery <rra@stanford.edu>
Date: Mon, 27 Sep 2010 16:00:40 -0400
In-Reply-To: <877hi7ufqr.fsf@windlord.stanford.edu> (Russ Allbery's message of
"Mon, 27 Sep 2010 12:51:40 -0700")
Message-ID: <tslpqvzufbr.fsf@live.suchdamage.org>
MIME-Version: 1.0
Cc: lha@h5l.org, krbdev@mit.edu,
Nicolas Williams <nicolas.williams@oracle.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
>>>>> "Russ" == Russ Allbery <rra@stanford.edu> writes:
Russ> Sam Hartman <hartmans@mit.edu> writes:
>>>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@oracle.com>
>>>>>>> writes:
Nicolas> Why not just do password change with randomized password,
Nicolas> so that way you have a password you can synchronize? This
Nicolas> is basically what AD does too.
>> I'd support this change, although it's probably beyond the scope
>> of what I'm doing to implement.
Russ> To mention, for those who aren't familiar, Heimdal has both
Russ> random key and random password options. The latter is indeed
Russ> very useful; we use it all the time now.
I think it's reasonable to implement random key in terms of random
password if you believe that krb5_c_string_to_key can generate
approximately all keys for a given enctype. I believe that's probably
true for AES and RC4.
The DES3 string2key concerns me somewhat and I know little about the
DES string2key.
--Sam
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
