Given a KDC using the LDAP backend, has anyone created a standalone
tool to create user principals by directly adding an LDAP entry?

Apparently the difficulty is correctly creating the ASN.1 encoded key
attribute (krbPrincipalkey) which is harder still because of the need to
encrypt it using the master key (krbMKey).

In the LDAP world, it isn't unusual that the password attribute value is
generated with a special tool (unless the plaintext password is used).

I think two tools would be interesting. 

1. A tool that only spits out the krbPrincipalkey attribute on STDOUT.

2. A tool that creates the whole user principal including the
krbPrincipalkey.

More specifically, I would like some Perl or Python code that I can include
in a larger project.

If either tool has not been created, there is code from the FreeIPA
project, inside ipa_pwd_extop.c (see http://tinyurl.com/cfu63x), that
fetches the master key and properly creates the ASN.1 encoded key. That
code could be used as a starting point or inspiration.

Dax Kelson
Guru Labs

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos