Hello,

We have an application that uses kadm5_setkey_principal() to set the key for a 
Kerberos account.  This application works fine on a KDC with a BDB backend, but 
fails to set the key on a KDC with an LDAP backend.  Both Kerberos KDCs have 
the "s" flag set in the ACL file.  The interesting thing is that if we have our 
application set a random key using kadm5_randkey_principal(), it works 
perfectly no matter the backend.  But obviously, randkey is not what we want.

In the LDAP messages log, the only attribute that is modified when doing the 
setkey is: MOD attr=krbExtraData

But when doing the randkey, the usual set of attributes is modified: MOD 
attr=krbLoginFailedCount krbprincipalkey krbpasswordexpiration krbLastPwdChange 
krbExtraData


Is this a known issue?

We are using krb5-1.10.3 currently on Linux.

Thanks,
Frank
Boston University
Senior Systems Engineer

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
