Skip Menu |

Date: Mon, 7 Jan 2008 16:43:48 -0600
From: John Washington <>
Subject: add_principals -randkey and default_principal_flags = +preauth don't get along
When creating principals with -randkey I have noticed that kadmin
doesn't obey the kdc.conf. While this may just be a case of
documentation not obviously saying this, it is annoying in today's world
of all preauth'ed principals. I should note that it does work without
-randkey or with +requires_preauth, but this behavior creates an
annoying problem for bulk user creation scripts which rely on the
default defining the proper behavior.

John Washington Security Officer,
University of Illinois Urbana-Champaign
Download signature.asc
application/pgp-signature 189B

Message body not shown because it is not plain text.

This was fixed in 1.8. (The kadmin client and server must both be
upgraded to get the fixed behavior.)