Subject: kadmin cannot add principal and extract random key in one step
If a kadmin client has only "add" privileges, it cannot add a principal
with a random key and get the key in a single step. If the client gives
addprinc the -randkey option, then nobody except the KDC will know the
key, and the client won't be able to act on the created principal.
The workaround is to create the principal with a password and then use
self-service to change the key to a random key. But this is awkward at
best: the client must make up a temporary but secure password, the
kadmin server must perform unnecessary string-to-key operations, the
password could fail password quality rules, etc.
A possible design to allow addition and key extraction as a single step
would be:
* Create a new create_principal4 RPC which accepts the same argument as
create_principal3 but returns the keys, either using a chrand_ret or a
substantially identical structure. create_principal3 can be implemented
in terms of create_principal4 in the server library, just as
create_principal is implemented in terms of create_principal3.
* Add a -keytab argument to the addprinc command. If it is used, kadmin
uses create_principal4 (and therefore only works with a new kadmin
server); otherwise it uses create_principal3 or create_principal as
appropriate.
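The layering the two bullets describe, modelled in Python as an added illustration for this ticket (it is not krb5 code). The RPC names mirror the ones mentioned above (create_principal, create_principal3, create_principal4, chrand_ret), but their argument shapes, the toy database, the privilege check and the string-to-key stand-in are all assumptions; the model also assumes that -keytab implies a random key, since the point of the option is to extract a key nobody typed.

```python
import hashlib
import os
from dataclasses import dataclass, field


@dataclass
class ChrandRet:
    """Stand-in for kadmin's chrand_ret: the keys the server hands back."""
    keys: dict  # enctype name -> key bytes


@dataclass
class Principal:
    name: str
    keys: dict = field(default_factory=dict)


def string_to_key(password, enctype):
    """Toy string-to-key (not the real krb5 derivation), salted by enctype name."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), enctype.encode(), 1000)


class KadminServerLib:
    """Server-library side of the proposal.  Database and privilege model are toy stand-ins."""

    def __init__(self, enctypes=("aes256-cts", "aes128-cts")):
        self.db = {}  # principal name -> Principal
        self.enctypes = enctypes

    def create_principal4(self, caller_privs, name, password=None, randkey=False):
        """Proposed RPC: same arguments as create_principal3, but returns the keys."""
        if "add" not in caller_privs:
            raise PermissionError("caller lacks the add privilege")
        if name in self.db:
            raise KeyError(f"principal {name} already exists")
        if randkey:
            # Random keys are generated on the server; only this return value
            # lets the client learn them.
            keys = {et: os.urandom(32) for et in self.enctypes}
        else:
            if password is None:
                raise ValueError("a password is required unless randkey is set")
            keys = {et: string_to_key(password, et) for et in self.enctypes}
        self.db[name] = Principal(name, keys)
        return ChrandRet(keys=dict(keys))

    def create_principal3(self, caller_privs, name, password=None, randkey=False):
        """Existing RPC, implemented on top of create_principal4 by discarding the keys."""
        self.create_principal4(caller_privs, name, password=password, randkey=randkey)

    def create_principal(self, caller_privs, name, password):
        """Oldest RPC, implemented in terms of create_principal3 as it is today."""
        self.create_principal3(caller_privs, name, password=password)


def addprinc(server, caller_privs, name, password=None, randkey=False, keytab=None):
    """Model of kadmin's addprinc dispatch with the proposed -keytab option.

    keytab is a dict standing in for a keytab file.  Returns the keys the
    client learned, or None when it learned none (the -randkey case today).
    """
    if keytab is not None:
        # New path: requires a server that implements create_principal4.
        ret = server.create_principal4(caller_privs, name, randkey=True)
        keytab[name] = ret.keys
        return ret.keys
    # Old path: create_principal3 (or create_principal) never returns keys.
    server.create_principal3(caller_privs, name, password=password, randkey=randkey)
    return None


if __name__ == "__main__":
    srv = KadminServerLib()
    kt = {}
    got = addprinc(srv, {"add"}, "host/db.example.com", keytab=kt)
    print("keytab entry written:", sorted(got))
    print("randkey without -keytab gives client:",
          addprinc(srv, {"add"}, "host/old.example.com", randkey=True))
```

The check worth noticing is the last line of the demo: with -randkey alone the client ends up with None, which is exactly the "nobody except the KDC knows the key" problem the ticket describes, while the -keytab path hands back the same keys that landed in the server's database.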