[19695] in Kerberos_V5_Development
randkey versus a big random password
daemon@ATHENA.MIT.EDU (Chris Hecker)
Mon Nov 27 15:24:31 2017
MIME-Version: 1.0
From: Chris Hecker <checker@d6.com>
Date: Mon, 27 Nov 2017 12:24:06 -0800
Message-ID: <CAOdMLc36-X16O4EL=zWJa-M=GaCZthMyJrXT+pwk4LWN1FcDFg@mail.gmail.com>
To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
The version of kadm5 I'm using doesn't have the kadm5_get_principal_keys
function, nor does it seem to ever return keys to the kadm5 client (which
seems to have been the thing before
https://krbdev.mit.edu/rt/Ticket/Display.html?id=8364). I plan to upgrade
at some point soon, but is there any advantage to trying to get a rankey
generated key from the KDC back to my client app over just making a big
random password and sending it over, and then using it to generate the key
locally? Seems like fewer round trips anyway? Is there any optimal length
for the password (the enctype will be AES256)?
Thanks,
Chris
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev