[31382] in Kerberos
Re: ktadd then principal's password no longer works?
daemon@ATHENA.MIT.EDU (Russ Allbery)
Fri Aug 14 12:58:30 2009
From: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
In-Reply-To: <20090814151207.GA15104@isc.upenn.edu> (Shumon Huque's message of
"Fri, 14 Aug 2009 11:12:07 -0400")
Date: Fri, 14 Aug 2009 09:57:28 -0700
Message-ID: <873a7umiyv.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Shumon Huque <shuque@isc.upenn.edu> writes:
> This won't work. ktadd creates a new random key everytime it
> is invoked, thus destroying your earlier password derived
> key. The manpage says:
> ktadd [-k keytab] [-q] [-e keysaltlist]
> [principal | -glob princ-exp] [...]
> Adds a principal or all principals matching princ-exp
> to a keytab, randomizing each principal's key in the
> process. ...
> I don't think the MIT distro has any tool to do what you want.
ktadd -norandkey. It's only available via kadmin.local.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
