Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 407

Prior to 1.8, addprinc -randkey was implemented in three RPCs: create the 
principal with a dummy password and the disallow-all-tix flag, randomize 
its password, unset the disallow-all-tix flag.  This had the unfortunate 
side effect of ignoring the KDC's default flags.

There is now a better way (create the principal with a null password), 
but clients and servers both have to be at 1.8 for it to work.