nero@eng.umd.edu (Oren L. Stern) (06/14/90)
Hello, out there! Does anyone have a utility to add all users from the password file into the Kerberos database with the same password? It should probably use kdb_util dump and kdb_util load. Please mail any responses directly to nero@eng.umd.edu. Thank you! -- Oren Stern (nero@eng.umd.edu) | "A boy without mischief is like a bowling ball UUCP: uunet!eng.umd.edu!nero | without a liquid center" -- Homer Simpson
smb@ulysses.att.com (06/14/90)
Hello, out there! Does anyone have a utility to add all users from the password file into the Kerberos database with the same password? It should probably u se kdb_util dump and kdb_util load. Please mail any responses directly to nero@eng.umd.edu. Thank you! -- Oren Stern (nero@eng.umd.edu) | "A boy without mischief is like a bowli ng ball UUCP: uunet!eng.umd.edu!nero | without a liquid center" -- Ho mer Simpson Sorry, it's not possible. The Kerberos database stores the actual DES key, whereas /etc/passwd uses an irreversible transform based on the typed password; there's no way to recover the DES key or the password itself from the stored information.
jon@MIT.EDU (Jon A. Rochlis) (06/14/90)
One thing Athena did when faced with this problem, is to hack the admin server (an old version) to accept the unix password, so if you could provide your unix password *and* didn't had a null key in the Kerberos database, you could set one. This was a bit marginal (since there was no true secure path to the admin server, but it was a comprimise). Because of the student turnover, before long all new students were registered the proper way. -- Jon
mpr@SUSHI.CTT.BELLCORE.COM (Michael P. Ressler) (06/15/90)
Jon, Why the condition that that the user didn't have a null key in the Kerberos database? > One thing Athena did when faced with this problem, is to hack the > admin server (an old version) to accept the unix password, so if you > could provide your unix password *and* didn't had a null key in the > Kerberos database, you could set one. Mike Ressler mpr@ctt.bellcore.com
jon@MIT.EDU (Jon A. Rochlis) (06/16/90)
Jon, Why the condition that that the user didn't have a null key in the Kerberos database? > One thing Athena did when faced with this problem, is to hack the > admin server (an old version) to accept the unix password, so if you > could provide your unix password *and* didn't had a null key in the > Kerberos database, you could set one. Opps, my mistake. I meant to say, if you could privide your unix password *and* had a null key The major point here was that you couldn't change the key for a user who was already registered with Kerberos. It only worked for people who weren't registered. -- Jon