[16400] in Kerberos_V5_Development
Re: random to key from password
daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Sep 27 18:22:29 2010
From: Russ Allbery <rra@stanford.edu>
To: Nicolas Williams <Nicolas.Williams@oracle.com>
In-Reply-To: <20100927214453.GT9501@oracle.com> (Nicolas Williams's message of
"Mon, 27 Sep 2010 16:44:53 -0500")
Date: Mon, 27 Sep 2010 15:22:16 -0700
Message-ID: <87y6amrfmv.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: lha@h5l.org, Sam Hartman <hartmans@mit.edu>, krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Nicolas Williams <Nicolas.Williams@oracle.com> writes:
> The main benefit of radomized passwords over randomized keys is better
> synchronization/interop with AD. It's not that big a deal to me -- I've
> never needed the ability to synchronize service principals' passwords.
I've never needed that ability either, but I have needed the ability to
randomize a user's password and have that change reflected in AD. Heimdal
provides that capability (with the kadmin plugin); MIT currently does not
without using an external tool to generate a random password and then
doing a more traditional password change using that generated password.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
