[Heimdal-source-changes] [heimdal/heimdal] 83def5: kadmin: do not assign passwords at realm initializ...
GitHub
noreply at github.com
Tors Dec 27 06:27:54 CET 2018
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 83def5bc18251f474ea09f1f49e4c0a207c85458
https://github.com/heimdal/heimdal/commit/83def5bc18251f474ea09f1f49e4c0a207c85458
Author: Luke Howard <lukeh at padl.com>
Date: 2018-12-27 (Thu, 27 Dec 2018)
Changed paths:
M kadmin/init.c
Log Message:
-----------
kadmin: do not assign passwords at realm initialization
Since c6bf100b password quality checks have been moved out of kadmindd and into
libkadm5. This means that all password changes are subject to quality checks,
if enforce_on_admin_set is true (the default). In rare instances it could be
possible for realm initialization to fail because the randomly generated
passwords do not pass the password quality test. Fix this by creating
principals with no password or key, rather than with a random password.
Random *keys* continue to be set immediately after the principal is created,
and before DISALLOW_ALL_TIX is unset, so there should be no functionality or
security implications from this change. It is safe to call a server-side API
such as kadm5_s_create_principal_with_key() as local_flag is asserted to be
true.
**NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the Heimdal-source-changes
mailing list