From krb5-bugs-incoming-bounces@PCH.MIT.EDU Fri Sep 12 12:14:08 2008
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.12.9) with ESMTP
id m8CGE8o4011379; Fri, 12 Sep 2008 12:14:08 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m8CGE3uB026775;
Fri, 12 Sep 2008 12:14:03 -0400
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m8CFjpaD020474
for <krb5-bugs-incoming@PCH.mit.edu>; Fri, 12 Sep 2008 11:45:51 -0400
Received: from mit.edu (W92-130-BARRACUDA-1.MIT.EDU [18.7.21.220])
by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id
m8CFjhcU006508
for <krb5-bugs@mit.edu>; Fri, 12 Sep 2008 11:45:43 -0400 (EDT)
Received: from spam.ifs.umich.edu (spam.ifs.umich.edu [141.211.1.36])
(using TLSv1 with cipher AES256-SHA (256/256 bits))
(No client certificate requested)
by mit.edu (Spam Firewall) with ESMTP id D3886B10731
for <krb5-bugs@mit.edu>; Fri, 12 Sep 2008 11:44:52 -0400 (EDT)
Received: from root by spam.ifs.umich.edu with local (Exim 4.69)
(envelope-from <mdw@umich.edu>)
id 1KeApI-0005uU-9f; Fri, 12 Sep 2008 11:44:52 -0400
To: krb5-bugs@mit.edu
Subject: rename principals
From: mdw@umich.edu
X-send-pr-version: 3.99
Message-Id: <E1KeApI-0005uU-9f@spam.ifs.umich.edu>
Date: Fri, 12 Sep 2008 11:44:52 -0400
X-Spam-Score: 4.461
X-Spam-Level: **** (4.461)
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Fri, 12 Sep 2008 12:14:01 -0400
Cc: kwc@umich.edu, vpliakas@umich.edu, mdw@umich.edu
X-BeenThere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: mdw@umich.edu
Sender: krb5-bugs-incoming-bounces@PCH.MIT.EDU
Errors-To: krb5-bugs-incoming-bounces@PCH.MIT.EDU
System: Linux strawdogs.ifs.umich.edu 2.6.23.1 #3 SMP Tue Oct 23 11:37:43 EDT 2007 i686 GNU/Linux
Architecture: i686
never finished. Here is a patch that adds the
missing pieces. The interesting trick is converting
realm dependent salt to special salt.
while preserving the password that you don't know.
process after changing their login.
Compile-time fix, apply the patch in
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.6.3-rename.patch
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.12.9) with ESMTP
id m8CGE8o4011379; Fri, 12 Sep 2008 12:14:08 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m8CGE3uB026775;
Fri, 12 Sep 2008 12:14:03 -0400
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m8CFjpaD020474
for <krb5-bugs-incoming@PCH.mit.edu>; Fri, 12 Sep 2008 11:45:51 -0400
Received: from mit.edu (W92-130-BARRACUDA-1.MIT.EDU [18.7.21.220])
by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id
m8CFjhcU006508
for <krb5-bugs@mit.edu>; Fri, 12 Sep 2008 11:45:43 -0400 (EDT)
Received: from spam.ifs.umich.edu (spam.ifs.umich.edu [141.211.1.36])
(using TLSv1 with cipher AES256-SHA (256/256 bits))
(No client certificate requested)
by mit.edu (Spam Firewall) with ESMTP id D3886B10731
for <krb5-bugs@mit.edu>; Fri, 12 Sep 2008 11:44:52 -0400 (EDT)
Received: from root by spam.ifs.umich.edu with local (Exim 4.69)
(envelope-from <mdw@umich.edu>)
id 1KeApI-0005uU-9f; Fri, 12 Sep 2008 11:44:52 -0400
To: krb5-bugs@mit.edu
Subject: rename principals
From: mdw@umich.edu
X-send-pr-version: 3.99
Message-Id: <E1KeApI-0005uU-9f@spam.ifs.umich.edu>
Date: Fri, 12 Sep 2008 11:44:52 -0400
X-Spam-Score: 4.461
X-Spam-Level: **** (4.461)
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-Mailman-Approved-At: Fri, 12 Sep 2008 12:14:01 -0400
Cc: kwc@umich.edu, vpliakas@umich.edu, mdw@umich.edu
X-BeenThere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Reply-To: mdw@umich.edu
Sender: krb5-bugs-incoming-bounces@PCH.MIT.EDU
Errors-To: krb5-bugs-incoming-bounces@PCH.MIT.EDU
Show quoted text
>Submitter-Id: net
>Originator: mdw@umich.edu
>Organization:
University of Michigan>Originator: mdw@umich.edu
>Organization:
Show quoted text
>Confidential: no
>Synopsis: rename principals
>Severity: non-critical
>Priority: low
>Category: krb5-admin
>Class: change-request
>Release: 1.6.3
>Environment:
dell pe1750 running umce linux, krb5 1.6.3+patches>Synopsis: rename principals
>Severity: non-critical
>Priority: low
>Category: krb5-admin
>Class: change-request
>Release: 1.6.3
>Environment:
System: Linux strawdogs.ifs.umich.edu 2.6.23.1 #3 SMP Tue Oct 23 11:37:43 EDT 2007 i686 GNU/Linux
Architecture: i686
Show quoted text
>Description:
In mit k5 kerberos, there is a rename rpc that wasnever finished. Here is a patch that adds the
missing pieces. The interesting trick is converting
realm dependent salt to special salt.
Show quoted text
>How-To-Repeat:
Run kadmin. Try, just try to rename a principalwhile preserving the password that you don't know.
Show quoted text
>Fix:
Workaround: require users go through a password resetprocess after changing their login.
Compile-time fix, apply the patch in
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.6.3-rename.patch