[31481] in Kerberos


Re: addprinc -randkey broken in 1.7?

daemon@ATHENA.MIT.EDU (Russ Allbery)
Wed Sep 16 18:51:28 2009

From: Russ Allbery <rra@stanford.edu>
To: Mike Friedman <mikef@berkeley.edu>
In-Reply-To: <alpine.BSF.1.10.0909161534150.15429@brillig.security.berkeley.edu>
	(Mike Friedman's message of "Wed, 16 Sep 2009 15:39:37 -0700 (PDT)")
Date: Wed, 16 Sep 2009 15:50:13 -0700
Message-ID: <87ljkezeqi.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: "Leonard J. Peirce" <leonard.peirce@gmail.com>, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Mike Friedman <mikef@berkeley.edu> writes:

> I'm running 1.6.3 and don't have this problem.  In fact, looking at the
> code in src/kadmin/cli/kadmin.c, it appears that when '-randkey' is used
> for addprinc, the password is set initially to a 256 character string
> containing all possible character values from 1 thru 255 plus a
> terminating 0 (and then randomized in a separate step).  This, I would
> think, should satisfy any password policy.

Well, it's certainly rejected by our password policy.  :)  I don't know
how it interacts with the character class checking.  We have to always
clear policies on keys before using randkey.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
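
Added example (not part of the thread and not krb5 code): it builds the placeholder string as the quoted message describes it and runs it through two constructed checks. The five-class model, the function names and the printable-only rule are assumptions made for illustration, not the policy of any site mentioned above.

```python
import string

PUNCT = set(string.punctuation.encode("ascii"))

def randkey_dummy_password() -> bytes:
    # Placeholder as described in the quoted message: every byte value 1..255.
    # The trailing 0 is the C string terminator, so it is not part of the password.
    return bytes(range(1, 256))

def char_classes(pw: bytes) -> set:
    # Assumed class model (not taken from the page): lower, upper, digit,
    # punctuation, and "other" for controls, space and bytes >= 0x80.
    classes = set()
    for b in pw:
        if ord("a") <= b <= ord("z"):
            classes.add("lower")
        elif ord("A") <= b <= ord("Z"):
            classes.add("upper")
        elif ord("0") <= b <= ord("9"):
            classes.add("digit")
        elif b in PUNCT:
            classes.add("punct")
        else:
            classes.add("other")
    return classes

def length_and_class_failures(pw: bytes, min_length: int, min_classes: int) -> list:
    # Simplified length / character-class policy; an empty list means "accepted".
    failures = []
    if len(pw) < min_length:
        failures.append("too short")
    if len(char_classes(pw)) < min_classes:
        failures.append("too few character classes")
    return failures

def non_printable_bytes(pw: bytes) -> list:
    # Hypothetical stricter site rule: only printable ASCII (0x20..0x7E) is allowed.
    return [b for b in pw if not 0x20 <= b <= 0x7E]

if __name__ == "__main__":
    pw = randkey_dummy_password()
    print("classes:", sorted(char_classes(pw)))
    print("length/class failures:", length_and_class_failures(pw, 8, 5))
    print("bytes a printable-only rule would reject:", len(non_printable_bytes(pw)))
```

Under these assumptions the placeholder passes the length and class checks, while a printable-only rule would reject 160 of its 255 bytes.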
