Bug 472810 - adding to keytab erases password
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: krb5
All Linux
medium Severity medium
Assigned To: Nalin Dahyabhai
Reported: 2008-11-24 14:16 EST by Petr Sklenar
Modified: 2008-11-24 14:57 EST (History)
Doc Type: Bug Fix
Last Closed: 2008-11-24 14:43:49 EST
Description Petr Sklenar 2008-11-24 14:16:53 EST
Description of problem:
Create a password for the user with ank -pw $rootpass host/test.$domain
Then adding to the keytab erases the password.

Version-Release number of selected component (if applicable):
# rpm -qa krb5-*

How reproducible:

Steps to Reproduce:

kdb5_util create -s -P $kdcpass

echo "Starting services"
service kadmin start
service krb5kdc start

echo "Creating user $user credentials"
kadmin.local -q "addprinc -pw $rootpass root/admin"
kadmin.local -q "addprinc -randkey host/$host"

kadmin.local -q "ktadd host/$host"
useradd $user
echo $syspass | passwd --stdin $user
kadmin.local -q "addprinc -pw $krbpass $user"

echo $syspass | kinit $user
kadmin.local -q "ank -randkey DNS/`hostname`"
kadmin.local -q "ktadd DNS/`hostname`"

kadmin.local -q "ank -pw $rootpass host/test.$domain"

kadmin.local -q "ktadd host/test.$domain"
^ When I do "ktadd", the password is erased and I have to set up the password manually; I cannot connect after these commands with "kinit client".

kinit host/test.$domain
## I type $rootpass here

Actual results:
The password is incorrect once the record is added to the keytab. I cannot connect with kinit host/test.$domain.

Expected results:
The password is not erased.

Additional info:
Without the line kadmin.local -q "ktadd host/test.$domain", everything works as I expected and the password is $rootpass.
Comment 1 Nalin Dahyabhai 2008-11-24 14:43:49 EST
That's how kadmin's "ktadd" command works -- it generates a new randomized key for the principal, sets it on the KDC (note: the key is sent from the client to the KDC, never the other way), and then stores a copy in the indicated keytab.  To get the result you're expecting, you need to use ktutil's "addent" command instead.
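Added example (not part of the original bug thread and not krb5's own code): one way to take the ktutil "addent" route named in Comment 1, so the keytab holds the key derived from the existing password and the key on the KDC is left alone. The helper names, the constructed getprinc sample and the enctype in the usage comment are assumptions; the enctype and kvno have to match what getprinc reports for the principal.

```shell
#!/bin/sh
# Store a principal's existing password-derived key in a keytab via ktutil,
# instead of kadmin "ktadd", which replaces the key with a random one.

# Read `getprinc` output on stdin and print the highest key version number.
# The keytab entry should carry the same kvno as the key held by the KDC.
current_kvno() {
    sed -n 's/^Key: vno \([0-9][0-9]*\),.*/\1/p' | sort -n | tail -n 1
}

# Emit the command script fed to ktutil. "addent -password" prompts for the
# password, so the password is the line that follows the addent command.
# Passing it on stdin keeps it out of the process argument list.
ktutil_script() {   # args: principal kvno enctype password keytab
    printf 'addent -password -p %s -k %s -e %s\n%s\nwkt %s\nquit\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Run on the KDC host (uses kadmin.local to look up the current kvno).
# The keytab is password-equivalent, so it is created under umask 077.
add_password_key() {   # args: principal enctype password keytab
    kvno=$(kadmin.local -q "getprinc $1" | current_kvno)
    [ -n "$kvno" ] || { echo "no key found for $1" >&2; return 1; }
    ( umask 077
      ktutil_script "$1" "$kvno" "$2" "$3" "$4" | ktutil >/dev/null )
}

# Constructed sample of getprinc output, used only to exercise the parser.
SAMPLE_GETPRINC='Principal: host/test.example.com@EXAMPLE.COM
Number of keys: 3
Key: vno 3, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 3, DES cbc mode with CRC-32, no salt
Key: vno 2, DES cbc mode with CRC-32, no salt'

# Usage on the KDC, in place of the ktadd line from the report (assumed
# enctype and keytab path):
#   add_password_key "host/test.$domain" aes256-cts-hmac-sha1-96 \
#       "$rootpass" /etc/krb5.keytab
```

After this, "kinit host/test.$domain" with $rootpass and "kinit -k -t" with the keytab should both work, because the KDC key was never changed.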
Comment 2 Petr Sklenar 2008-11-24 14:57:28 EST
OK, thanks very much for the explanation.